Microsoft 2025 Fixes, Chrome Zero-Day, Enterprise Security Flaws – Cybersecurity News [December 08, 2025]

by | Dec 15, 2025 | Announcements

cybersecurity news

Microsoft 2025 Fixes, Chrome Zero-Day, Enterprise Security Flaws – Cybersecurity News [December 08, 2025]

by DuoCircle

 

Cyber incidents this week spanned operating systems, browsers, enterprise platforms, hardware, and developer tooling. Microsoft closed out the year patching 56 Windows flaws and three zero days, while Google rushed an emergency fix for an actively exploited Chrome bug. Fortinet, Ivanti, and SAP shipped critical updates for auth bypass and RCE risks, and new PCIe IDE weaknesses prompted firmware work from Intel and AMD. At the same time, a Gogs zero day and abused GitHub tokens highlighted ongoing threats to software supply chains.

 

Microsoft wraps up 2025 with critical fixes for Windows, PowerShell, and Copilot tooling

Microsoft wrapped up 2025 Patch Tuesday with fixes for 56 vulnerabilities across Windows, including three rated Critical and one actively exploited zero day. The exploited flaw, CVE-2025-62221, is a use after free bug in the Windows Cloud Files minifilter that lets attackers with low privileged access escalate to SYSTEM. Since this component underpins popular sync clients, it is a high-value local privilege escalation target when chained with phishing, browser exploits, or other remote code execution paths. A Western cybersecurity agency has added it to its Known Exploited Vulnerabilities catalog and set a late December deadline for patching.

Two more zero days highlight risks in scripting and AI-assisted development. CVE-2025-54100 is a PowerShell command injection vulnerability that can be triggered via crafted web content returned to commands such as Invoke WebRequest, enabling local code execution. CVE-2025-64671 affects GitHub Copilot for JetBrains as part of the broader IDEsaster class, where AI agents inside IDEs can be manipulated via prompt injection and weak command execution tooling to bypass allow lists and leak data. Alongside these, a wide range of major software, cloud, hardware, and OT vendors have also released security updates, making this a broad, multi-vendor patching cycle.

 

allow lists and leak data.

 

Chrome zero day under active attack prompts urgent Google security update

Google has released an emergency Chrome update to fix a high-severity zero-day vulnerability that is already being exploited. The Stable release has been bumped to version 143.0.7499.109/.110 on Windows and Mac and 143.0.7499.109 on Linux. Google confirmed it is aware of an exploit for Issue 466192044 in the wild but is withholding technical details, listing the case as “Under coordination” to prevent further weaponization while users patch. If the flaw also affects a shared third-party library, details will remain restricted until other projects have shipped fixes.

Alongside the zero day, the update addresses two medium-severity bugs reported by external researchers. CVE-2025-14372 is a use-after-free flaw in the Chrome Password Manager that could lead to memory corruption or code execution. CVE-2025-14373 involves an inappropriate implementation in the Chrome Toolbar. Users and administrators are urged to update Chrome via Help > About Google Chrome and restart the browser so the protections take effect.

 

Authentication bypass and code execution risks discovered in major enterprise platforms

Fortinet, Ivanti, and SAP have issued critical security updates to address vulnerabilities that, if not remediated, could allow authentication bypass and remote code execution. Fortinet addressed two near-maximum severity flaws in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE-2025-59718 and CVE-2025-59719, CVSS 9.8) caused by improper verification of cryptographic signatures, which can let an unauthenticated attacker bypass FortiCloud SSO login using crafted SAML messages when that feature is enabled. As an interim safeguard, administrators are advised to disable FortiCloud SSO until upgrades are applied.

 

cybersecurity alerts

 

Ivanti fixed four Endpoint Manager vulnerabilities, including a critical stored XSS (CVE-2025-10573, CVSS 9.6) that allows an unauthenticated attacker to poison the EPM dashboard with malicious JavaScript and hijack administrator sessions, along with three additional high-severity bugs that can lead to remote code execution, one of which also involves signature verification weaknesses. SAP’s December updates resolve 14 issues, including three critical flaws in SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK that could be exploited for code injection or remote code execution. Given the history of exploitation involving these vendors’ products, organizations are urged to prioritize patching and hardening.

 

Intel and AMD confirm exposure to PCIe IDE specification vulnerabilities

Major hardware and platform vendors are assessing the impact of three newly disclosed vulnerabilities in the PCI Express Integrity and Data Encryption (PCIe IDE) standard, which secures high-speed communications between CPUs and peripherals such as GPUs, SSDs, and network cards. The issues, discovered by Intel researchers and tracked as CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614, affect the IDE specification introduced with PCIe 6.0. IDE uses AES GCM to encrypt and protect the integrity of link traffic close to the hardware layer. Under specific, crafted traffic patterns at the PCIe interface, the flaws can cause consumption of stale or incorrect data, potentially enabling information disclosure, privilege escalation, or denial of service.

The vulnerabilities are rated low severity because exploitation requires physical or very low-level access to the PCIe IDE interface, making them more relevant to hardware security specialists and highly targeted operations than broad, commodity attacks. PCI-SIG has issued an advisory and an Engineering Change Notification, with system and component suppliers expected to roll out firmware updates. So far, Intel and AMD have confirmed impact on certain Xeon and EPYC 9005 processors, while several other major vendors remain in an “unknown” status as they complete their own assessments.

 

API

 

Gogs zero day exploited at scale with Supershell malware and GitHub token abuse

A high-severity zero-day in Gogs, tracked as CVE-2025-8110 (CVSS 8.7), is being actively exploited against self-hosted Git servers. The flaw is a file overwrite issue in the PutContents API that bypasses a previous Gogs patch for CVE-2024-55947 by abusing symbolic links inside repositories. By committing a symlink that points outside the repo, then using the API to write through it, attackers can overwrite arbitrary files such as .git/config and modify ssh Command to execute code on the server. Wiz found around 1,400 exposed Gogs instances, with more than 700 showing signs of compromise, typically random 8-character owner and repository names created around 10 July 2025. The attackers deployed a Supershell-based payload that establishes a reverse SSH shell, and appear to be running a smash-and-grab style campaign rather than conducting a stealthy cleanup.

As no patch is yet available, administrators are urged to disable open registration, restrict internet access to Gogs, and scan for suspicious repositories. Separately, Wiz warns that threat actors are heavily targeting leaked GitHub Personal Access Tokens, using GitHub’s API code search to discover Action secret names, create malicious workflows, execute code, and exfiltrate cloud provider secrets via attacker-controlled webhooks. SPF, DKIM, and DMARC are critical Cybersecurity controls for protecting email systems from spoofing and abuse.

Pin It on Pinterest

Share This