Patch Tuesday: December 2025 (Expel’s version)

December Patch Tuesday (Dec 9, 2025) covers 57 CVEs including three zero-days — notably an actively exploited Windows Cloud Files Mini Filter Driver UAF (CVE-2025-62221) enabling SYSTEM escalation — plus public RCE disclosures for GitHub Copilot and PowerShell and a RRAS heap overflow; the report also highlights massive EPSS score fluctuations in November affecting thousands of CVEs and urges prioritized patching and exploit-risk monitoring.