OnlyFm252
Patch Tuesday Archive

Patch Tuesday December 2025

Total CVEs

65

Critical

8

Important

55

Exploited

1

Publicly Disclosed

2

All CVEs this month 65

CVE Title Severity CVSS Product Exploited Disclosed
CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 Microsoft Office - -
CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability Critical 8.4 Microsoft Office - -
CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability Critical 9.9 Azure Cognitive Service for Language - Custom Question Answering - -
CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability Critical 8.3 Azure Cosmos DB - -
CVE-2025-64676 Microsoft Purview eDiscovery Remote Code Execution Vulnerability Critical 7.2 Microsoft Purview - -
CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability Critical 8.2 Office Out-of-Box Experience - -
CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability Critical 10 Azure Container Apps - -
CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability Critical 10 Microsoft Partner Center - -
CVE-2025-54100 PowerShell Remote Code Execution Vulnerability Important 7.8 Windows PowerShell - Yes
CVE-2025-55233 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 Windows Projected File System - -
CVE-2025-59516 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 Windows Storage VSP Driver - -
CVE-2025-59517 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 Windows Storage VSP Driver - -
CVE-2025-62221 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 Windows Cloud Files Mini Filter Driver Yes -
CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 Windows Cloud Files Mini Filter Driver - -
CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 Windows Message Queuing - -
CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 8.8 Windows Resilient File System (ReFS) - -
CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 Windows Cloud Files Mini Filter Driver - -
CVE-2025-62458 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Win32K - GRFX - -
CVE-2025-62461 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 Windows Projected File System Filter Driver - -
CVE-2025-62462 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 Windows Projected File System - -
CVE-2025-62463 DirectX Graphics Kernel Denial of Service Vulnerability Important 6.5 Windows DirectX - -
CVE-2025-62464 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 Windows Projected File System - -
CVE-2025-62465 DirectX Graphics Kernel Denial of Service Vulnerability Important 6.5 Windows DirectX - -
CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability Important 7.8 Windows Client-Side Caching (CSC) Service - -
CVE-2025-62467 Windows Projected File System Elevation of Privilege Vulnerability Important 7.8 Windows Projected File System - -
CVE-2025-62468 Windows Defender Firewall Service Information Disclosure Vulnerability Important 5.5 Windows Defender Firewall Service - -
CVE-2025-62469 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 Microsoft Brokering File System - -
CVE-2025-62470 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 Windows Common Log File System Driver - -
CVE-2025-62472 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 Windows Remote Access Connection Manager - -
CVE-2025-62473 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Important 6.5 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-62474 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 Windows Remote Access Connection Manager - -
CVE-2025-62549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-62550 Azure Monitor Agent Remote Code Execution Vulnerability Important 8.8 Azure Monitor Agent - -
CVE-2025-62552 Microsoft Access Remote Code Execution Vulnerability Important 7.8 Microsoft Office Access - -
CVE-2025-62553 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability Important 7 Microsoft Office Word - -
CVE-2025-62556 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62558 Microsoft Word Remote Code Execution Vulnerability Important 7.8 Microsoft Office Word - -
CVE-2025-62559 Microsoft Word Remote Code Execution Vulnerability Important 7.8 Microsoft Office Word - -
CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62561 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62562 Microsoft Outlook Remote Code Execution Vulnerability Important 7.8 Microsoft Office Outlook - -
CVE-2025-62563 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62564 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office Excel - -
CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability Important 7.3 Windows Shell - -
CVE-2025-62567 Windows Hyper-V Denial of Service Vulnerability Important 5.3 Windows Hyper-V - -
CVE-2025-62569 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7 Microsoft Brokering File System - -
CVE-2025-62570 Windows Camera Frame Server Monitor Information Disclosure Vulnerability Important 7.1 Windows Camera Frame Server Monitor - -
CVE-2025-62571 Windows Installer Elevation of Privilege Vulnerability Important 7.8 Windows Installer - -
CVE-2025-62572 Application Information Service Elevation of Privilege Vulnerability Important 7.8 Application Information Services - -
CVE-2025-62573 DirectX Graphics Kernel Elevation of Privilege Vulnerability Important 7 Windows DirectX - -
CVE-2025-64658 Windows File Explorer Elevation of Privilege Vulnerability Important 7.5 Windows Shell - -
CVE-2025-64661 Windows Shell Elevation of Privilege Vulnerability Important 7.8 Windows Shell - -
CVE-2025-64666 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.5 Microsoft Exchange Server - -
CVE-2025-64667 Microsoft Exchange Server Spoofing Vulnerability Important 5.3 Microsoft Exchange Server - -
CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability Important 7.8 Windows Admin Center - -
CVE-2025-64670 Windows DirectX Information Disclosure Vulnerability Important 6.5 Microsoft Graphics Component - -
CVE-2025-64671 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability Important 8.4 Copilot - Yes
CVE-2025-64672 Microsoft SharePoint Server Spoofing Vulnerability Important 8.8 Microsoft Office SharePoint - -
CVE-2025-64673 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 Storvsp.sys Driver - -
CVE-2025-64678 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 Windows Routing and Remote Access Service (RRAS) - -
CVE-2025-64679 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2025-64680 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 Windows DWM Core Library - -
CVE-2025-62223 Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability Low 4.3 Microsoft Edge for iOS - -
CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low 3.1 Microsoft Edge (Chromium-based) - -

    Threat Categories 5

    Threat Category CVEs Critical
    Elevation of Privilege 31 2
    Remote Code Execution 21 4
    Spoofing 6 2
    Information Disclosure 4 -
    Denial of Service 3 -

    Affected Products 41

    Product CVEs Exploited
    Microsoft Office Excel 6 -
    Windows Projected File System 4 -
    Windows Cloud Files Mini Filter Driver 3 1
    Windows DirectX 3 -
    Windows Routing and Remote Access Service (RRAS) 3 -
    Microsoft Office Word 3 -
    Windows Shell 3 -
    Microsoft Office 2 -
    Windows Storage VSP Driver 2 -
    Microsoft Brokering File System 2 -
    Windows Remote Access Connection Manager 2 -
    Microsoft Exchange Server 2 -
    Windows DWM Core Library 2 -
    Azure Cognitive Service for Language - Custom Question Answering 1 -
    Azure Cosmos DB 1 -
    Microsoft Purview 1 -
    Office Out-of-Box Experience 1 -
    Azure Container Apps 1 -
    Microsoft Partner Center 1 -
    Windows PowerShell 1 -
    Windows Message Queuing 1 -
    Windows Resilient File System (ReFS) 1 -
    Windows Win32K - GRFX 1 -
    Windows Projected File System Filter Driver 1 -
    Windows Client-Side Caching (CSC) Service 1 -
    Windows Defender Firewall Service 1 -
    Windows Common Log File System Driver 1 -
    Azure Monitor Agent 1 -
    Microsoft Office Access 1 -
    Microsoft Office Outlook 1 -
    Windows Hyper-V 1 -
    Windows Camera Frame Server Monitor 1 -
    Windows Installer 1 -
    Application Information Services 1 -
    Windows Admin Center 1 -
    Microsoft Graphics Component 1 -
    Copilot 1 -
    Microsoft Office SharePoint 1 -
    Storvsp.sys Driver 1 -
    Microsoft Edge for iOS 1 -
    Microsoft Edge (Chromium-based) 1 -