Stay Ahead of Threats with the Latest Vulnerability Updates for December
Stay up to date on critical cyber risks, Microsoft’s December Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats.
Quick Highlights
- Microsoft Patch Tuesday:
– 57 vulnerabilities disclosed
– 3 rated Critical, 3 zero-days (1 actively exploited)
- Adobe Security Updates:
– 139 vulnerabilities patched across 5 products
– 14 rated Critical, affecting Creative Cloud Desktop Application, Acrobat and Reader, DNG Software Development Kit (SDK), Experience Manager, and ColdFusion
- High-Severity Advisories from Major Vendors:
– Cisco: 1 critical-severity flaw in React Server Components (React and Next.js frameworks)
– Fortinet: 2 critical and 1 high-severity flaws in FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, and FortiSandbox
– Ivanti: 1 critical and 3 high-severity flaws in Ivanti Endpoint Manager (EPM)
– SAP: 3 critical vulnerabilities in SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect
– Google Chrome: 3 security fixes, one for a flaw that is being actively exploited
– Android: Fixed 2 actively exploited zero-days
- Top Threats to Watch:
– Fortinet SSO Auth Bypass – Critical flaws allow unauthenticated attackers to bypass the FortiCloud SSO login with a crafted SAML message.
– APT Collaboration – Gamaredon (Russia) and Lazarus (North Korea) sharing infrastructure.
– Insider Breach at CrowdStrike – Employee leaked internal screenshots to hackers.
– GlassWorm Malware – Self-propagating worm hiding malicious code in VS Code extensions.
– Storm-0249 Ransomware Tactics – Abuse of EDR software for stealthy persistence.
– Massive Phishing Campaign – 4,300+ domains targeting hotel guests and vacation planners.
– AI-Orchestrated Espionage – Claude AI exploited for autonomous cyber operations.
– FBI/CISA Alerts – Account takeover fraud, virtual kidnapping scams, and pro-Russia hacktivist attacks on critical infrastructure.
Windows 10 Reaches End of Support
As of October 14, 2025, Microsoft has officially ended support for Windows 10. The October 2025 Patch Tuesday was the final security update for the OS, unless your organization enrolls in the Extended Security Updates (ESU) program.
- What This Means for Your Organization:
– No more security patches or bug fixes for Windows 10 devices
– Increased exposure to vulnerabilities and compliance risks
- Continued support requires either:
– Enrolling in Microsoft’s paid ESU program, or
– Upgrading to Windows 11
Need help planning your transition?
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.
Patch Tuesday Summary
Microsoft December 2025 Patch Tuesday
57 vulnerabilities disclosed, including 3 critical and 3 zero-days. By impact category:
- 28 Elevation of Privilege
- 19 Remote Code Execution
- 4 Information Disclosure
- 3 Denial of Service
- 3 Spoofing
Critical Common Vulnerabilities and Exposures (CVEs)
Windows Zero-Days
| CVE-ID | Details | Severity | Exploited? |
| CVE-2025-62221 | Elevation of Privilege flaw in the Windows Cloud Files Mini Filter Driver that can be used to gain SYSTEM privileges | Important | Yes |
| CVE-2025-64671 | Remote Code Execution vulnerability in GitHub Copilot for JetBrains that can allow an attacker to execute commands locally | Important | No |
| CVE-2025-54100 | Remote Code Execution vulnerability in PowerShell that could allow scripts embedded in a web page to be executed when the page is fetched with Invoke-WebRequest | Important | No |
Other Critical CVEs Worth Mentioning
| CVE-ID | Details | Severity | Exploited? |
| CVE-2025-62554 | Microsoft Office Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-62557 | Microsoft Office Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-62562 | Microsoft Outlook Remote Code Execution Vulnerability | Critical | No |
Microsoft December 2025 Security Update Release
3rd-Party Critical CVEs Worth Mentioning
Adobe Products *
| CVE-ID(s) | Affected Product | Critical Issues | Key Risks |
| CVE-2025-61808 CVE-2025-61809 CVE-2025-61830 CVE-2025-61810 CVE-2025-61811 CVE-2025-61812 CVE-2025-61813 CVE-2025-61821 CVE-2025-61822 CVE-2025-61823 CVE-2025-64897 CVE-2025-64898 | Adobe ColdFusion | 7 | Arbitrary code execution Security feature bypass Arbitrary file system read/write Privilege escalation |
| CVE-2025-64537 CVE-2025-64539 (partial list) | Adobe Experience Manager | 2 | Arbitrary code execution Privilege escalation |
| CVE-2025-64783 CVE-2025-64784 CVE-2025-64893 CVE-2025-64894 | Adobe DNG SDK | 3 | Arbitrary code execution Memory exposure Application denial-of-service |
| CVE-2025-64785 CVE-2025-64899 CVE-2025-64786 CVE-2025-64787 | Adobe Acrobat Reader | 2 | Arbitrary code execution Security feature bypass |
| CVE-2025-64896 | Adobe Creative Cloud Desktop | 0 | Application denial-of-service |
Cisco *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
| CVE-2025-55182 | React Server Components (React and Next.js frameworks) | A flaw in React Server Components that could allow an unauthenticated, remote attacker to execute code on an affected device or system. | Critical | No |
Fortinet *
| CVE-ID | Affected Product | Description | Severity | Exploited? |
| CVE-2025-59718 CVE-2025-59719 | FortiOS, FortiWeb, FortiProxy and FortiSwitchManager | Vulnerability allows an unauthenticated attacker to bypass the FortiCloud SSO login via a crafted SAML message. | Critical | Yes |
| CVE-2025-53949 | FortiSandbox | Vulnerability allows an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. | High | No |
Ivanti *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
| CVE-2025-10573 | Ivanti Endpoint Manager (EPM) | Vulnerability allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. | Critical | No |
| CVE-2025-13659 | Ivanti Endpoint Manager (EPM) | Vulnerability allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. | High | No |
| CVE-2025-13661 | Ivanti Endpoint Manager (EPM) | Vulnerability allows a remote, authenticated attacker to write arbitrary files outside of the intended directory. | High | No |
| CVE-2025-13662 | Ivanti Endpoint Manager (EPM) | Vulnerability allows a remote, unauthenticated attacker to execute arbitrary code. | High | No |
Ivanti December 2025 Security Update
SAP *
| CVE-ID | Affected Component | Description | Severity | Exploited? |
| CVE-2025-42880 | SAP Solution Manager | Allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. | Critical | No |
| CVE-2025-55754 | SAP Commerce Cloud | Console manipulation via escape sequences in log messages | Critical | No |
| CVE-2025-42928 | SAP jConnect – SDK for ASE | High privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. | Critical | No |
| CVE-2025-42878 | SAP Web Dispatcher and Internet Communication Manager (ICM) | Unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. | High | No |
| CVE-2025-42874 | SAP NetWeaver | Allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to insufficient input validation and improper handling of remote method calls. | High | No |
| CVE-2025-48976 | SAP Business Objects | DoS vulnerability | High | No |
| CVE-2025-42877 | SAP Web Dispatcher, Internet Communication Manager and SAP Content Server | Allows an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. | High | No |
| CVE-2025-42876 | SAP S/4 HANA Private Cloud | An authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. | High | No |
SAP December 2025 Security Notes
Android
- Release Date: Friday, December 5, 2025
- Key Fixes: 2 actively exploited zero-days, CVE-2025-48633 and CVE-2025-48572, covering information disclosure and elevation of privilege.
Google Chrome
- Version: 143.0.7499.109/.110 (Windows and Mac), 143.0.7499.109 (Linux)
- Release Date: Wednesday, December 10, 2025
- Key Fixes: CVE-2025-14372, CVE-2025-14373, and one high-severity, actively exploited flaw that had not yet been classified at the time of writing.
* Not handled by Fortress SRM.
Threat Intelligence Trends – December 2025
The following resources are grouped by threat type / category.
Emerging Threats
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Read more →
Alliances of convenience: How APTs are beginning to work together
New evidence uncovered suggests that two of the world’s most aggressive advanced persistent threat (APT) actors, Russia-aligned Gamaredon and North Korea’s Lazarus, may be operating on shared infrastructure. Read more →
CrowdStrike Catches Insider Feeding Information to Hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers; the confirmation came after the Scattered Lapsus$ Hunters threat actors leaked the images on Telegram. Read more →
Ransomware & Malware Deployment
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
GlassWorm malware targets VS Code extensions on the OpenVSX marketplace, using invisible Unicode characters to hide malicious code from anyone reviewing it in a code editor. Read more →
Storm-0249 Hijacks EDR Software for Ransomware Staging
Financially motivated initial access broker (IAB) Storm-0249 has shifted from broad phishing to stealthier methods of initial access and persistence. To achieve this, the IAB abused trusted endpoint detection and response (EDR) processes. Read more →
Social Engineering Exploits
Thousands of Domains Target Hotel Guests in Massive Phishing Campaign
A Russian-speaking threat actor operating an ongoing, mass phishing campaign targeting people who might be planning (or about to leave for) a vacation has registered more than 4,300 domain names used in the attacks since the beginning of the year. Read more →
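A first-pass triage heuristic for the kind of domain described above, as an added example for this digest (not code from the campaign write-up or from any vendor): it scores query names pulled from a DNS log for hospitality keywords, brand lookalikes, cheap TLDs and hyphen/digit padding, and flags anything over a threshold. The brand list, keyword list, TLD list, weights and the log line format are all assumptions of the example, and the log lines are constructed. It also serves the monitoring tip later in this digest about watching DNS and web traffic for travel/hospitality phishing domains.

```python
"""Score DNS query names for hospitality-themed lookalike phishing domains.

Added example for this digest, not code from the campaign write-up or any
vendor. Brand list, keyword list, TLD list, weights and log format are all
assumptions of this example; tune them to your environment.
"""
import difflib
import re
from typing import List, Tuple

BRANDS = ["booking", "expedia", "airbnb", "marriott", "hilton", "tripadvisor"]
ALLOWLIST = {"booking.com", "expedia.com", "airbnb.com",
             "marriott.com", "hilton.com", "tripadvisor.com"}
KEYWORDS = ["hotel", "reservation", "booking", "guest", "confirm", "checkin",
            "check-in", "payment", "refund", "trip", "vacation"]
SUSPICIOUS_TLDS = {"top", "xyz", "icu", "cfd", "shop", "click"}
LOOKALIKE_RATIO = 0.8   # difflib similarity at which a token counts as a brand lookalike
FLAG_THRESHOLD = 4      # assumed cut-off; raise it if your traffic is noisy


def decode_idn(domain: str) -> str:
    """Turn punycode labels (xn--...) into Unicode so homoglyph lookalikes are visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def score_domain(domain: str) -> Tuple[int, List[str]]:
    """Return (score, reasons) for one query name. Higher means more phishing-like."""
    d = decode_idn(domain.lower().rstrip("."))
    if d in ALLOWLIST:
        return 0, ["allowlisted"]
    labels = d.split(".")
    tld = labels[-1]
    # Simplification: no public suffix list, so "example.co.uk" scores "co".
    registrable = labels[-2] if len(labels) >= 2 else labels[0]
    name = ".".join(labels[:-1])
    tokens = registrable.split("-")
    score, reasons = 0, []

    for brand in BRANDS:
        if brand in registrable:               # brand embedded in a longer label
            score += 3
            reasons.append(f"brand '{brand}' embedded in '{registrable}'")
            continue
        for tok in tokens:                     # typo/homoglyph lookalike per token
            ratio = difflib.SequenceMatcher(None, brand, tok).ratio()
            if ratio >= LOOKALIKE_RATIO:
                score += 3
                reasons.append(f"'{tok}' looks like '{brand}' ({ratio:.2f})")
                break

    hits = [k for k in KEYWORDS if k in name]
    if hits:
        score += min(len(hits), 2)
        reasons.append("hospitality keywords: " + ", ".join(hits))
    if tld in SUSPICIOUS_TLDS:
        score += 1
        reasons.append(f"TLD .{tld}")
    if registrable.count("-") >= 2:
        score += 1
        reasons.append("multiple hyphens")
    if re.search(r"\d{3,}", registrable):
        score += 1
        reasons.append("long digit run")
    return score, reasons


# Constructed resolver log lines; the format is an assumption of this example.
SAMPLE_DNS_LOG = """\
2025-12-03T10:11:12Z client=10.0.0.5 query=booking.com type=A
2025-12-03T10:11:15Z client=10.0.0.5 query=booking-guest-confirm7741.top type=A
2025-12-03T10:12:02Z client=10.0.0.9 query=hilt0n-reservations.xyz type=A
2025-12-03T10:12:40Z client=10.0.0.9 query=marriott.com type=A
2025-12-03T10:13:05Z client=10.0.0.7 query=cityhotel-guides.org type=A
"""

QUERY_RE = re.compile(r"\bquery=(\S+)")


def triage_log(log_text: str, threshold: int = FLAG_THRESHOLD) -> List[Tuple[str, int, List[str]]]:
    """Score each distinct query name in the log; return flagged ones, highest score first."""
    flagged, seen = [], set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group(1) in seen:
            continue
        seen.add(m.group(1))
        score, reasons = score_domain(m.group(1))
        if score >= threshold:
            flagged.append((m.group(1), score, reasons))
    return sorted(flagged, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for domain, score, reasons in triage_log(SAMPLE_DNS_LOG):
        print(f"{score:2d} {domain}: {'; '.join(reasons)}")
```

The scorer is deliberately additive so an analyst can read why a name was flagged; the allowlist is checked first because the brand test alone would otherwise flag the real brand domains. Feed it newly seen names rather than the whole query log, and pair it with registration age from your passive DNS or WHOIS source, which this offline example does not have.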
AI-Driven Threats
Claude AI Abused in AI-orchestrated Cyber Espionage Campaign
This campaign demonstrated unprecedented integration and autonomy of AI throughout the attack lifecycle, with the threat actor manipulating Claude Code to support reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations largely autonomously. Read more →
FBI/CISA Advisories
Account Takeover Fraud via Impersonation of Financial Institution Support
The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. Read more →
Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams
The FBI warns the public about criminals altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams. Read more →
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
The FBI, CISA, NSA, and partners release a joint advisory on Russian hacktivists targeting critical infrastructure with less sophisticated, lower impact attacks via VNC connections. Read more →
Recommended Actions
Mitigations
- Apply Microsoft December Patch Tuesday updates immediately, prioritizing critical and zero-day vulnerabilities.
- Patch Adobe, Cisco, Fortinet, Ivanti, and SAP products to address critical flaws and prevent exploitation.
- Upgrade or enroll in Extended Security Updates (ESU) for Windows 10 devices to maintain compliance and reduce risk.
- Implement least privilege access and enforce MFA to reduce insider threat impact.
- Harden EDR configurations and validate integrity to prevent abuse by ransomware actors.
Monitoring
- Monitor for FortiCloud SSO authentication bypass attempts and unusual login patterns.
- Track APT-related infrastructure indicators (Gamaredon, Lazarus) and insider activity anomalies.
- Watch for GlassWorm indicators in VS Code extensions and OpenVSX marketplace downloads.
- Monitor DNS and web traffic for phishing domains targeting travel/hospitality.
- Observe AI-related activity for signs of automated reconnaissance or exploitation.
Detection Tips
- Deploy rules to detect Unicode-based obfuscation in code repositories (GlassWorm).
- Alert on unexpected EDR process manipulation or persistence techniques (Storm-0249).
- Flag large-scale domain registrations and suspicious email campaigns linked to phishing.
- Detect anomalous API calls or privilege escalations in Fortinet, Ivanti, and SAP environments.
- Use behavioral analytics to identify AI-driven attack patterns and insider data exfiltration.
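The detection tip above about Unicode-based obfuscation, and the GlassWorm item in the threat intelligence section, come down to the same check: find code points that render as nothing or that reorder the text a reviewer sees. The scanner below is an added example for this digest, not code from the GlassWorm report, OpenVSX or any vendor. The code point ranges and the severity rule are its own assumptions (the code points commonly abused to hide text, not a list taken from the report), and the sample extension text is constructed.

```python
"""Flag invisible and direction-changing Unicode in source files.

Added example for this digest; not code from the GlassWorm write-up, OpenVSX
or any vendor. The ranges below are an assumption of this example: the code
points usually abused to hide text from a reviewer.
"""
import sys
import unicodedata
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

# Inclusive code point ranges, grouped by why a reviewer would care.
SUSPICIOUS_RANGES = {
    "zero-width": [(0x200B, 0x200D), (0x2060, 0x2064), (0xFEFF, 0xFEFF)],
    "bidi-control": [(0x202A, 0x202E), (0x2066, 0x2069)],
    "variation-selector": [(0xFE00, 0xFE0F), (0xE0100, 0xE01EF)],
    "tag-character": [(0xE0000, 0xE007F)],
}


@dataclass
class Finding:
    line: int        # 1-based line number
    col: int         # 0-based column where the run starts
    length: int      # consecutive suspicious code points in the run
    category: str
    severity: str    # "high" or "low"


def classify(cp: int) -> Optional[str]:
    """Category of a suspicious code point, or None if it is ordinary."""
    for name, ranges in SUSPICIOUS_RANGES.items():
        if any(lo <= cp <= hi for lo, hi in ranges):
            return name
    # Catch-all: any other "format" (Cf) character is still invisible.
    if unicodedata.category(chr(cp)) == "Cf":
        return "other-format"
    return None


def _severity(category: str, length: int) -> str:
    # Bidi overrides and tag characters have no place in source code. Short
    # zero-width or variation-selector runs can be legitimate (emoji ZWJ
    # sequences, emoji presentation selectors), so only long runs rate high.
    if category in ("bidi-control", "tag-character") or length >= 4:
        return "high"
    return "low"


def scan_text(text: str) -> List[Finding]:
    """One Finding per run of consecutive suspicious code points."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        run_start: Optional[int] = None
        run_cat = ""
        for col, ch in enumerate(line):
            if line_no == 1 and col == 0 and ch == "\ufeff":
                continue  # a UTF-8 BOM at the very start of a file is benign
            cat = classify(ord(ch))
            if cat is not None and run_start is None:
                run_start, run_cat = col, cat
            elif cat is None and run_start is not None:
                length = col - run_start
                findings.append(Finding(line_no, run_start, length, run_cat, _severity(run_cat, length)))
                run_start = None
        if run_start is not None:
            length = len(line) - run_start
            findings.append(Finding(line_no, run_start, length, run_cat, _severity(run_cat, length)))
    return findings


def is_suspicious(text: str) -> bool:
    return any(f.severity == "high" for f in scan_text(text))


def scan_tree(root: Path, suffixes=(".js", ".ts", ".json", ".py")) -> dict:
    """Scan files under root with the given suffixes; map path -> findings."""
    results = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            found = scan_text(path.read_bytes().decode("utf-8", errors="replace"))
            if found:
                results[str(path)] = found
    return results


# Constructed sample: an innocuous-looking extension file with three planted tricks.
SAMPLE = (
    "const version = '1.0.2';\n"
    "// helper\u200b\n"                                      # lone zero-width space
    "module.exports = fn;"
    + "".join(chr(0xFE00 + (b & 0xF)) for b in b"payload")  # bytes hidden in variation selectors
    + "\n"
    "var x = 'abc\u202edef';\n"                               # right-to-left override in a string
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, found in scan_tree(Path(sys.argv[1])).items():
            for f in found:
                print(f"{path}:{f.line}:{f.col} {f.severity} {f.category} x{f.length}")
    else:
        for f in scan_text(SAMPLE):
            print(f"sample:{f.line}:{f.col} {f.severity} {f.category} x{f.length}")
```

Run it with a directory argument to walk an unpacked extension or a checked-out repository, or with no arguments to see the findings on the constructed sample. The same check belongs in a pre-commit hook or CI step so that a contributor cannot land a line that looks clean in the editor but carries hidden code points.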
About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering
Why Patching Matters
Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities.
Vigilant Managed Cyber Hygiene
Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management.
- Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications
- Critical patches, OS upgrades, and configuration updates for all devices, on/off network
- 24/7/365 U.S.-based monitoring and real-time reporting for full visibility
Stay Protected. Stay Proactive.
Learn how Fortress SRM can enhance your cybersecurity strategy →
