Microsoft patched over 1,100 CVEs in 2025
Microsoft has addressed just shy of 60 newly designated common vulnerabilities and exposures (CVEs) in the final Patch Tuesday update of a difficult year for defenders, bringing the total number of flaws fixed this year to over 1,100.

Of this month's flaws, three are rated critical in severity, one is known to be actively exploited in the wild, and two more are known to have public proofs of concept available but are not yet being exploited.

The exploited vulnerability, tracked as CVE-2025-62221, affects the Windows Cloud Files Mini Filter Driver. It arises from a use-after-free (UAF) condition, in which the program references memory after it has been freed, leading to unpredictable and sometimes dangerous behaviour. In this instance, a threat actor can use it to escalate their privileges on the victim system.

“While there is no confirmed public PoC for CVE-2025-62221, past research and PoCs for related Cloud Files mini-filter issues suggest attackers already understand the underlying techniques,” said Mike Walters, co-founder and CEO of patch management specialist Action1.

“The real impact of this vulnerability emerges when attackers chain it with other weaknesses. After gaining low-privileged access via phishing, a browser exploit, or an application RCE, they can use CVE-2025-62221 to escalate to SYSTEM and take full control of the host.”

Walters warned that with Cloud Files virtually ubiquitous, and exploitation confirmed, the risk for defenders was how quickly the flaw would become part of threat actor attack chains. He said that because it only requires low privileges to exploit, users with weak least-privilege practices, or heavily shared endpoints, may be heading for trouble.

Meanwhile, the two publicly disclosed vulnerabilities this month are both remote code execution (RCE) issues, one affecting PowerShell, CVE-2025-54100, and the other affecting GitHub Copilot for JetBrains, CVE-2025-64671.

The PowerShell vulnerability stems from a command injection flaw in how Windows PowerShell processes web content, which an unauthenticated attacker could use to execute arbitrary code as a user who is allowed to run crafted PowerShell commands. Given PowerShell's importance and its role in offensive tooling, exploitation is likely to be straightforward, and it likely becomes more dangerous as part of a social engineering attack chain against privileged users.

The GitHub Copilot vulnerability, meanwhile, stands out as one of the more interesting flaws being patched this month, according to Immersive senior director of cyber threat research Kev Breen.

“Copilot is the GenAI coding assistant that is used by Microsoft and GitHub [and] this vulnerability specifically refers to the JetBrains extensions,” explained Breen. “The vulnerability states that it is possible to gain code execution on affected hosts by tricking the LLM [large language model] into running commands that bypass the guardrails and appending instructions in the user's ‘auto-approve’ settings.

“This can be achieved by ‘Cross Prompt Injection,’ which is where the prompt is modified not by the user but by the LLM agents as they craft their own prompts based on the content of files or data retrieved from a Model Context Protocol (MCP) server, which has risen in popularity with agent-based LLMs.”

Breen said that although Microsoft has marked this vulnerability as less likely to be exploited, under a risk-based approach to patching it matters that the developers it targets often have more privileged access to API keys or other secrets. Therefore, he added, anybody running GitHub Copilot for JetBrains should patch promptly.

Finally, this month's three critical flaws are all RCE vulnerabilities. Two of them, CVE-2025-62554 and CVE-2025-63557, affect Microsoft Office, and the third, CVE-2025-65272, is found in Outlook.

Do you want to be a record breaker?

Looking back at the year gone by in his monthly Patch Tuesday roundup, Dustin Childs of Trend Micro's Zero Day Initiative said Microsoft had patched a total of 1,139 CVEs over the past 12 months, making 2025 the second-largest year ever in terms of volume, just 111 CVEs shy of 2020.

Childs wrote that as Microsoft's portfolio diversifies and grows in scale, and vulnerabilities originating from artificial intelligence (AI) increase in prevalence, 2026 looks set to be a record-breaking year.