CVE-2025-62221 and CVE-2025-54100: Windows Elevation of Privilege and RCE Zero-Day Vulnerabilities Patched

Microsoft's December 2025 Patch Tuesday fixed 57 vulnerabilities, notably two zero-days: CVE-2025-62221, an actively exploited use-after-free elevation-of-privilege in the Windows Cloud Files minifilter that can yield SYSTEM access (CISA added it to the KEV catalog), and CVE-2025-54100, a PowerShell parsing RCE that enables code execution via crafted commands and social engineering (no active exploitation reported). Organizations are urged to apply updates immediately and leverage detection content to identify exploitation attempts.