Final Patch Tuesday of 2025 with Zero-Day

Microsoft has released its final Patch Tuesday of 2025, addressing 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild. Elevation of privilege flaws made up half of all patches this month, followed by remote code execution vulnerabilities at nearly 34 per cent. Satnam Narang, Senior Staff Research Engineer at Tenable, provided insight into the December release and the broader trends shaping Microsoft’s vulnerability landscape this year.

Narang noted that December closes out the year with one of Microsoft’s smallest Patch Tuesday releases, with 55 CVEs patched, matching the lowest total from February. Despite quieter months late in the year, Microsoft patched 1,129 CVEs across 2025—an 11.9 per cent increase from 2024 and the second-largest annual total on record. This is also the second consecutive year in which Microsoft addressed more than 1,000 CVEs, and only the third time it has crossed this threshold.

Two vulnerabilities stand out this month. The first is CVE-2025-62221, an elevation of privilege (EoP) flaw in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that has been exploited as a zero-day. Narang said EoP flaws can turn “a foothold into a full breach,” with attackers commonly using them for lateral movement and post-compromise activity after gaining initial access via phishing, social engineering or another exploited vulnerability. The Cloud Files Mini Filter Driver is an appealing target because it enables cloud applications to interface with the file system.

The second vulnerability highlights an emerging attack surface linked to the rapid proliferation of AI agents inside developer environments. CVE-2025-64671 is a remote code execution vulnerability affecting the GitHub Copilot plugin for JetBrains IDEs. Narang said this flaw appears to be part of a broader set of vulnerabilities across multiple IDEs and AI-assisted coding tools, including GitHub Copilot, Cursor, JetBrains Junie, Roo Code and Claude Code. Security researcher Ari Marzuk has labelled the systemic issue “IDEsaster,” reflecting the growing risk of prompt injection-based attacks that allow adversaries to access base IDE layers, potentially leading to information disclosure or command execution.
