Report Name: Microsoft Patch Tuesday, December 2025
Generated: 2025-12-09 23:11:00

| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows Win32k | 0.9 | 1 | 1 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | ||||
| DirectX Graphics Kernel | 0.8 | 3 | 3 | DirectX Graphics Kernel | ||||
| Microsoft Exchange | 0.8 | 2 | 2 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft | ||||
| Microsoft Office | 0.8 | 2 | 2 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | ||||
| Microsoft PowerShell | 0.8 | 1 | 1 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language | ||||
| Windows Camera Frame Server Monitor | 0.8 | 1 | 1 | Windows component | ||||
| Windows Client-Side Caching | 0.8 | 1 | 1 | Windows component | ||||
| Windows Cloud Files Mini Filter Driver | 0.8 | 1 | 2 | 3 | Windows component | |||
| Windows Common Log File System Driver | 0.8 | 1 | 1 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs | ||||
| Windows DWM Core Library | 0.8 | 2 | 2 | Windows component | ||||
| Windows Defender Firewall Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows DirectX | 0.8 | 1 | 1 | Windows component | ||||
| Windows File Explorer | 0.8 | 2 | 2 | Windows component | ||||
| Windows Installer | 0.8 | 1 | 1 | Windows component | ||||
| Windows Projected File System | 0.8 | 5 | 5 | Windows component | ||||
| Windows Remote Access Connection Manager | 0.8 | 2 | 2 | Windows component | ||||
| Windows Resilient File System (ReFS) | 0.8 | 1 | 1 | Windows component | ||||
| Windows Routing and Remote Access Service (RRAS) | 0.8 | 2 | 1 | 3 | Windows component | |||
| Windows Shell | 0.8 | 1 | 1 | Windows component | ||||
| Windows Storage | 0.8 | 1 | 1 | 2 | Windows component | |||
| Windows Storage VSP Driver | 0.8 | 1 | 1 | Windows component | ||||
| Microsoft Access | 0.6 | 1 | 1 | MS Office product | ||||
| Microsoft Excel | 0.6 | 6 | 6 | MS Office product | ||||
| Microsoft Outlook | 0.6 | 1 | 1 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites | ||||
| Microsoft Word | 0.6 | 3 | 3 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. | ||||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| Application Information Service | 0.5 | 1 | 1 | Application Information Service | ||||
| Azure Monitor Agent | 0.5 | 1 | 1 | Azure Monitor Agent | ||||
| GitHub Copilot for Jetbrains | 0.5 | 1 | 1 | GitHub Copilot for Jetbrains | ||||
| Microsoft Brokering File System | 0.5 | 2 | 2 | Microsoft Brokering File System | ||||
| Microsoft Message Queuing (MSMQ) | 0.5 | 1 | 1 | Microsoft Message Queuing (MSMQ) | ||||
| Microsoft SharePoint Server | 0.5 | 1 | 1 | Microsoft SharePoint Server |

| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 6 | 13 | 19 | |||
| Authentication Bypass | 0.98 | 1 | 1 | ||||
| Elevation of Privilege | 0.85 | 1 | 26 | 27 | |||
| Information Disclosure | 0.83 | 4 | 4 | ||||
| Denial of Service | 0.7 | 3 | 3 | ||||
| Spoofing | 0.4 | 2 | 2 |

| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| Qualys | 5 | 7 | 12 | |||
| Tenable | 4 | 4 | 8 | |||
| ZDI | 2 | 2 | 4 |

1. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-62221) - High [594]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: CVE-2025-62221: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. A use-after-free flaw in Windows Cloud Files Mini Filter Driver may allow the attacker to gain SYSTEM privileges. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before December 30, 2025.
Tenable: Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)
Tenable: CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tenable: CVE-2025-62221 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
ZDI: CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. This is the only bug listed as under active attack for this month, and – at least on the surface – looks similar to a bug patched in October. However, the bug back in October was a race condition where this is a Use After Free (UAF). It allows an attacker to perform a privilege escalation on an affected system. These types of bugs are often combined with a code execution bug to take over a system. It appears to affect every supported version of Windows, so if you must prioritize, this should be on the top of your list.

2. Remote Code Execution - Windows Resilient File System (ReFS) (CVE-2025-62456) - High [419]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Windows component |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

3. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2025-62549) - High [419]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Windows component |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

4. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2025-64678) - High [419]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Windows component |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

5. Remote Code Execution - Microsoft Office (CVE-2025-62554) - High [407]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer |
| | 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: CVE-2025-62554: Microsoft Office Remote Code Execution Vulnerability. A type confusion vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
Tenable: CVE-2025-62554 and CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2025-62554 and CVE-2025-62557 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
ZDI: CVE-2025-62554/62557 - Microsoft Office Remote Code Execution Vulnerability. Here we are again, looking at two Office bugs where the Preview Pane is an attack vector. For those counting (like me), that makes 11 months in a row with a Critical-rated Office bug, including the Preview Pane as an attack vector. If you’re a Mac user, you are out of luck, as updates for Office LTSC for Mac 2021 and 2024 are not available. Let’s hope Microsoft gets those out before exploitation begins.

6. Remote Code Execution - Microsoft Office (CVE-2025-62557) - High [407]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer |
| | 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: CVE-2025-62557: Microsoft Office Remote Code Execution Vulnerability. A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
Tenable: CVE-2025-62554 and CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2025-62554 and CVE-2025-62557 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.

7. Remote Code Execution - Microsoft PowerShell (CVE-2025-54100) - High [407]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.8 | 14 | PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: CVE-2025-54100: PowerShell Remote Code Execution Vulnerability. A command injection flaw in the Windows PowerShell allows an unauthorized attacker to execute code remotely. After installing the updates, using the Invoke-WebRequest command triggers a confirmation prompt that warns users about the potential security risks associated with script execution. Here is the command prompt:

```
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
```

For additional details, see KB5074596: PowerShell 5.1: Preventing script execution from web content.
Tenable: CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability
Tenable: CVE-2025-54100 is a RCE vulnerability in Windows PowerShell. This vulnerability was assigned a CVSSv3 score of 7.8 and is rated as important. According to the advisory, this RCE was publicly disclosed prior to a patch being made available. The advisory notes that after installing the update, a warning prompt will be displayed anytime the Invoke-WebRequest command is used.

8. Authentication Bypass - Windows Storage (CVE-2025-59517) - High [403]
Description: Improper access control in

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.98 | 15 | Authentication Bypass |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.

9. Elevation of Privilege - Windows Win32k (CVE-2025-62458) - Medium [397]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
Tenable: CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability
Tenable: CVE-2025-62458 is an EoP vulnerability affecting Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8, was rated as important and assessed as “Exploitation More Likely.” Successful exploitation of this vulnerability would allow an attacker to gain SYSTEM level privileges on an affected host.
Tenable: Including CVE-2025-62458, this is the ninth EoP vulnerability affecting Win32k addressed by Microsoft in 2025, with 14 EoP flaws addressed in the driver throughout 2024.

10. Elevation of Privilege - Microsoft Exchange (CVE-2025-64666) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft |
| | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

11. Elevation of Privilege - Windows Client-Side Caching (CVE-2025-62466) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

12. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-62454) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
Tenable: Microsoft also patched two additional EoP vulnerabilities in the Windows Cloud Files Mini Filter Driver, CVE-2025-62454 and CVE-2025-62457. Both were assigned the same CVSSv3 score of 7.8 and rated important. However, CVE-2025-62454 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index while CVE-2025-62457 was assessed as “Exploitation Unlikely.”

13. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2025-62457) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Tenable: Microsoft also patched two additional EoP vulnerabilities in the Windows Cloud Files Mini Filter Driver, CVE-2025-62454 and CVE-2025-62457. Both were assigned the same CVSSv3 score of 7.8 and rated important. However, CVE-2025-62454 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index while CVE-2025-62457 was assessed as “Exploitation Unlikely.”

14. Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-62470) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Common Log File System is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.

15. Elevation of Privilege - Windows DWM Core Library (CVE-2025-64679) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

16. Elevation of Privilege - Windows DWM Core Library (CVE-2025-64680) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

17. Elevation of Privilege - Windows File Explorer (CVE-2025-64658) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

18. Elevation of Privilege - Windows Installer (CVE-2025-62571) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

19. Elevation of Privilege - Windows Projected File System (CVE-2025-55233) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

20. Elevation of Privilege - Windows Projected File System (CVE-2025-62461) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

21. Elevation of Privilege - Windows Projected File System (CVE-2025-62462) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

22. Elevation of Privilege - Windows Projected File System (CVE-2025-62464) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

23. Elevation of Privilege - Windows Projected File System (CVE-2025-62467) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

24. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2025-62472) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.

25. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2025-62474) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

26. Elevation of Privilege - Windows Shell (CVE-2025-64661) - Medium [380]
Description:

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

27. Elevation of Privilege - Windows Storage (CVE-2025-59516) - Medium [380]
Description: Missing authentication for critical function in

| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to NVD data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |

Qualys: Other Microsoft Vulnerability Highlights CVE-2025-62454 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62458 is an elevation of privilege vulnerability in the Win32k. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-62470 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-62472 is an elevation of privilege vulnerability in the Windows Remote Access Connection Manager. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. CVE-2025-59516 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges. CVE-2025-59517 is an elevation of privilege vulnerability in the Windows Storage VSP Driver. Successful exploitation of the vulnerability may allow the attacker to gain SYSTEM privileges.
28.
Elevation of Privilege - Windows Storage VSP Driver (CVE-2025-64673) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
29.
Remote Code Execution - Microsoft Access (CVE-2025-62552) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
30.
Remote Code Execution - Microsoft Excel (CVE-2025-62553) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
31.
Remote Code Execution - Microsoft Excel (CVE-2025-62556) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
32.
Remote Code Execution - Microsoft Excel (CVE-2025-62560) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
33.
Remote Code Execution - Microsoft Excel (CVE-2025-62561) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
34.
Remote Code Execution - Microsoft Excel (CVE-2025-62563) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
35.
Remote Code Execution - Microsoft Excel (CVE-2025-62564) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | MS Office product |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
36.
Remote Code Execution - Microsoft Outlook (CVE-2025-62562) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | Microsoft Outlook is a personal information manager software system from Microsoft, available as a part of the Microsoft 365 software suites |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-62562: Microsoft Outlook Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office Outlook may allow an unauthenticated attacker to execute code remotely.
ZDI: CVE-2025-62562 - Microsoft Outlook Remote Code Execution Vulnerability. At first glance, I thought this was another Preview Pane issue, but it isn’t. In fact, this is only rated Critical for SharePoint Enterprise Server 2016 – it’s rated Important for everything else. However, the CVSS is the same (7.8) for all affected platforms. For this bug, the attacker would need to convince a user to reply to a specially crafted email. It’s not clear why this is worse on SharePoint 2016, but if you are running this version in your enterprise, don’t skip this update.
37.
Remote Code Execution - Microsoft Word (CVE-2025-62558) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
38.
Remote Code Execution - Microsoft Word (CVE-2025-62559) - Medium [373]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
39.
Remote Code Execution - Azure Monitor Agent (CVE-2025-62550) - Medium [369]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.5 | 14 | Azure Monitor Agent |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
40.
Elevation of Privilege - DirectX Graphics Kernel (CVE-2025-62573) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | DirectX Graphics Kernel |
| | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
41.
Elevation of Privilege - Windows File Explorer (CVE-2025-62565) - Medium [368]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.8 | 14 | Windows component |
| | 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
42.
Information Disclosure - Windows Camera Frame Server Monitor (CVE-2025-62570) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.83 | 15 | Information Disclosure |
| | 0.8 | 14 | Windows component |
| | 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
43.
Information Disclosure - Windows DirectX (CVE-2025-64670) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.83 | 15 | Information Disclosure |
| | 0.8 | 14 | Windows component |
| | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
44.
Information Disclosure - Windows Routing and Remote Access Service (RRAS) (CVE-2025-62473) - Medium [364]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.83 | 15 | Information Disclosure |
| | 0.8 | 14 | Windows component |
| | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
45.
Remote Code Execution - Microsoft Word (CVE-2025-62555) - Medium [361]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.6 | 14 | Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product. |
| | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
46.
Remote Code Execution - GitHub Copilot for Jetbrains (CVE-2025-64671) - Medium [357]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 1.0 | 15 | Remote Code Execution |
| | 0.5 | 14 | GitHub Copilot for Jetbrains |
| | 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-64671: GitHub Copilot for JetBrains Remote Code Execution Vulnerability A command injection flaw in Copilot may allow an unauthenticated attacker to execute code remotely.
Tenable: CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
Tenable: CVE-2025-64671 is a RCE vulnerability in the GitHub Copilot Plugin for JetBrains Integrated Development Environments (IDEs). It was assigned a CVSSv3 score of 8.4, rated important and assessed as “Exploitation Less Likely.” The issue stems from a command injection vulnerability in GitHub Copilot. An attacker could leverage a “malicious Cross Prompt Inject” either through an MCP Server or untrusted files. Successful exploitation would grant an attacker the ability to append unapproved commands onto existing allowed commands due to the ‘auto-approve’ setting in the terminal.
ZDI: CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability. This is the bug listed as publicly known, and it’s a command injection bug in Copilot that allows an unauthorized user to execute their code on an affected system. It’s listed as local, but it’s likely that a remote attacker could socially engineer someone to trigger the command injection. By exploiting a malicious cross-prompt injection in untrusted files or Model Context Protocol (MCP) servers, an attacker could piggyback extra commands onto those permitted by the user’s terminal auto-approve settings, causing them to be executed without further confirmation. I expect we’ll see many more bugs like these in 2026.
47.
Denial of Service - DirectX Graphics Kernel (CVE-2025-62463) - Medium [341]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.7 | 15 | Denial of Service |
| | 0.8 | 14 | DirectX Graphics Kernel |
| | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
48.
Denial of Service - DirectX Graphics Kernel (CVE-2025-62465) - Medium [341]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.7 | 15 | Denial of Service |
| | 0.8 | 14 | DirectX Graphics Kernel |
| | 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
49.
Elevation of Privilege - Application Information Service (CVE-2025-62572) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.5 | 14 | Application Information Service |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
50.
Elevation of Privilege - Microsoft Message Queuing (MSMQ) (CVE-2025-62455) - Medium [330]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.5 | 14 | Microsoft Message Queuing (MSMQ) |
| | 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
51.
Information Disclosure - Windows Defender Firewall Service (CVE-2025-62468) - Medium [329]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.83 | 15 | Information Disclosure |
| | 0.8 | 14 | Windows component |
| | 0.4 | 10 | CVSS Base Score is 4.4. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
52.
Elevation of Privilege - Microsoft Brokering File System (CVE-2025-62469) - Medium [318]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.5 | 14 | Microsoft Brokering File System |
| | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
53.
Elevation of Privilege - Microsoft Brokering File System (CVE-2025-62569) - Medium [318]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.85 | 15 | Elevation of Privilege |
| | 0.5 | 14 | Microsoft Brokering File System |
| | 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
54.
Denial of Service - Windows Hyper-V (CVE-2025-62567) - Medium [284]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.7 | 15 | Denial of Service |
| | 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT |
| | 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
55.
Spoofing - Microsoft Exchange (CVE-2025-64667) - Medium [264]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.4 | 15 | Spoofing |
| | 0.8 | 14 | Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft |
| | 0.5 | 10 | CVSS Base Score is 5.3. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
56.
Spoofing - Microsoft SharePoint Server (CVE-2025-64672) - Medium [261]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| | 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources |
| | 0 | 17 | The existence of publicly available or private exploit is NOT mentioned in available Data Sources |
| | 0.4 | 15 | Spoofing |
| | 0.5 | 14 | Microsoft SharePoint Server |
| | 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source |
| | 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2025-62221: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability A use-after-free flaw in Windows Cloud Files Mini Filter Driver may allow the attacker to gain SYSTEM privileges. CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before December 30, 2025.
Tenable: Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221)
Tenable: CVE-2025-62221 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tenable: CVE-2025-62221 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8 and rated as important. A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM privileges. According to Microsoft, this vulnerability was exploited in the wild as a zero-day.
ZDI: CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. This is the only bug listed as under active attack for this month, and – at least on the surface – looks similar to a bug patched in October. However, the bug back in October was a race condition where this is a Use After Free (UAF). It allows an attacker to perform a privilege escalation on an affected system. These types of bugs are often combined with a code execution bug to take over a system. It appears to affect every supported version of Windows, so if you must prioritize, this should be on the top of your list.
Qualys: CVE-2025-62554: Microsoft Office Remote Code Execution Vulnerability A type confusion vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
Qualys: CVE-2025-62557: Microsoft Office Remote Code Execution Vulnerability A use-after-free vulnerability in Microsoft Office may allow an unauthenticated attacker to execute code remotely.
Tenable: CVE-2025-62554 and CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability
Tenable: CVE-2025-62554 and CVE-2025-62557 are RCE vulnerabilities affecting Microsoft Office. Both received CVSSv3 scores of 8.4 and were rated as critical. An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.
ZDI: CVE-2025-62554/62557 - Microsoft Office Remote Code Execution Vulnerability. Here we are again, looking at two Office bugs where the Preview Pane is an attack vector. For those counting (like me), that makes 11 months in a row with a Critical-rated Office bug, including the Preview Pane as an attack vector. If you’re a Mac user, you are out of luck, as updates for Office LTSC for Mac 2021 and 2024 are not available. Let’s hope Microsoft gets those out before exploitation begins.
Qualys: CVE-2025-54100: PowerShell Remote Code Execution Vulnerability A command injection flaw in the Windows PowerShell allows an unauthorized attacker to execute code remotely. After installing the updates, using the Invoke-WebRequest command triggers a confirmation prompt that warns users about the potential security risks associated with script execution. Here is the command prompt:
```
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION: Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
```
For additional details, see KB5074596: PowerShell 5.1: Preventing script execution from web content.
Tenable: CVE-2025-54100 | PowerShell Remote Code Execution Vulnerability
Tenable: CVE-2025-54100 is a RCE vulnerability in Windows PowerShell. This vulnerability was assigned a CVSSv3 score of 7.8 and is rated as important. According to the advisory, this RCE was publicly disclosed prior to a patch being made available. The advisory notes that after installing the update, a warning prompt will be displayed anytime the Invoke-WebRequest command is used.
Tenable: CVE-2025-62458 | Win32k Elevation of Privilege Vulnerability
Tenable: CVE-2025-62458 is an EoP vulnerability affecting Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8, was rated as important and assessed as “Exploitation More Likely.” Successful exploitation of this vulnerability would allow an attacker to gain SYSTEM level privileges on an affected host.
Tenable: Including CVE-2025-62458, this is the ninth EoP vulnerability affecting Win32k addressed by Microsoft in 2025, with 14 EoP flaws addressed in the driver throughout 2024.
Tenable: Microsoft also patched two additional EoP vulnerabilities in the Windows Cloud Files Mini Filter Driver, CVE-2025-62454 and CVE-2025-62457. Both were assigned the same CVSSv3 score of 7.8 and rated important. However, CVE-2025-62454 was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index while CVE-2025-62457 was assessed as “Exploitation Unlikely.”