MS Family December 2025 Security Update Advisory

Overview

 

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

 

Affected Products

 

 

Browser Family

Microsoft Edge (Chromium-based)

 

Mariner Suite

Azl3 gcc 13.2.0-7 on Azure Linux 3.0

Azl3 pgbouncer 1.24.1-1 on Azure Linux 3.0

Azl3 tensorflow 2.16.1-9 on Azure Linux 3.0

Cbl2 gcc 11.2.0-8 on CBL Mariner 2.0

 

Open Source Software Suites

Azl3 golang 1.23.12-1 on Azure Linux 3.0

Azl3 golang 1.25.3-1 on Azure Linux 3.0

Azl3 kernel 6.6.112.1-2 on Azure Linux 3.0

Azl3 libpng 1.6.40-1 on Azure Linux 3.0

Azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0

Azl3 python3 3.12.9-5 on Azure Linux 3.0

Azl3 vim 9.1.1616-1 on Azure Linux 3.0

Cbl2 golang 1.18.8-10 on CBL Mariner 2.0

Cbl2 golang 1.22.7-5 on CBL Mariner 2.0

Cbl2 msft-golang 1.24.9-1 on CBL Mariner 2.0

Cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0

Cbl2 python3 3.9.19-16 on CBL Mariner 2.0

Cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0

Cbl2 vim 9.1.1616-1 on CBL Mariner 2.0

 

Resolved Vulnerabilities

 

Browser Family

Bad cast in Loader vulnerability in Microsoft Edge (Chromium-based) (CVE-2025-13720)
Improper Functional Implementation Vulnerability in the DevTools feature in Microsoft Edge (Chromium-based) (CVE-2025-13632)
Memory Reuse After Freeing Vulnerability in the Digital Credentials feature in Microsoft Edge (Chromium-based) (CVE-2025-13633)
Improper Functional Implementation Vulnerability in the Downloads feature in Microsoft Edge (Chromium-based) (CVE-2025-13637, CVE-2025-13635, CVE-2025-13634)
Improper Functional Implementation Vulnerability in the Google Updater Feature in Microsoft Edge (Chromium-based) (CVE-2025-13631)
Memory Reuse After Freeing Vulnerability in the Media Stream feature in Microsoft Edge (Chromium-based) (CVE-2025-13638)
Improper Functional Implementation Vulnerability in the Passwords feature in Microsoft Edge (Chromium-based) (CVE-2025-13640)
Race in v8 vulnerability in Microsoft Edge (Chromium-based) (CVE-2025-13721)
Improper Functional Implementation Vulnerability in the Split View feature in Microsoft Edge (Chromium-based) (CVE-2025-13636)
Type Confusion Vulnerability in V8 Features in Microsoft Edge (Chromium-based) (CVE-2025-13630)
Improper Functional Implementation Vulnerability in the WebRTC Feature in Microsoft Edge (Chromium-based) (CVE-2025-13639)

 

Mariner Family

Critical-grade vulnerability in Mariner (CVE-2025-12819)

 

Open Source Software Suite

Low-rated vulnerability in Mariner (CVE-2025-13837)

Moderate-rated vulnerabilities in Mariner (CVE-2025-13836, CVE-2025-40215, CVE-2025-40218, CVE-2025-40220, CVE-2025-40219)

Vulnerability of unknown severity in Mariner (CVE-2025-40217)

Critical-rated vulnerabilities in Mariner (CVE-2025-66476, CVE-2025-61729, CVE-2025-66293, CVE-2025-34297)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches were made available in the December 05, 2025 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.