Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Monthly Patch

December 2025 Monthly Patch

10 December 2025

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2025-Dec

Critical Vulnerabilities

CVE Number

CVE Name

Base Score

Reference

CVE-2025-40244

hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-40244

CVE-2025-40242

gfs2: Fix unlikely race in gdlm_put_lock

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-40242

CVE-2025-40251

devlink: rate: Unset parent pointer in devl_rate_nodes_destroy

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-40251

CVE-2025-40262

Input: imx_sc_key - fix memory corruption on unload

9.8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-40262

CVE-2025-62557

Microsoft Office Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-62557

CVE-2025-62554

Microsoft Office Remote Code Execution Vulnerability

8.4

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-62554

Back to top