CISA KEV mandate for CVE-2025-62221
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2025-62221 to the KEV catalog, forcing Federal Civilian Executive Branch (FCEB) agencies to patch by December 30, 2025 because the flaw is actively exploited in the wild. The action turns a vendor patch into a mandatory federal remediation deadline for a known exploited Windows issue.
Related Happenings
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
Microsoft Windows June 2026 Patch Tuesday zero-day fixes (multiple vulnerabilities)
Security Patch Release
H score40
First: 10.06.2026 12:57
Last: 10.06.2026 12:57
Sources 1
About this happening:
**Microsoft**'s **June 2026 Patch Tuesday** fixed **three Windows zero-days** that could yield **SYSTEM** access or bypass **BitLocker** on vulnerable systems.
Microsoft Windows June 2026 Patch Tuesday zero-day fixes (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Microsoft**'s **June 2026 Patch Tuesday** fixed **three Windows zero-days** that could yield **SYSTEM** access or bypass **BitLocker** on vulnerable systems.
Microsoft June 2026 Patch Tuesday GreenPlasma and YellowKey fixes
Security Patch Release
H score15
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources 1
About this happening:
**Microsoft** released **June 2026 Patch Tuesday** updates that fixed the **GreenPlasma** and **YellowKey** flaws, closing two previously disclosed issues in the Windows ecosystem...
Microsoft June 2026 Patch Tuesday GreenPlasma and YellowKey fixes
Security Patch ReleaseAbout this happening: **Microsoft** released **June 2026 Patch Tuesday** updates that fixed the **GreenPlasma** and **YellowKey** flaws, closing two previously disclosed issues in the Windows ecosystem...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
Vulnerability
H score52
First: 18.05.2026 07:59
Last: 18.05.2026 07:59
Sources 1
How related:
The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions.
About this happening:
**MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
VulnerabilityHow related: The vulnerability that has come under active exploitation is CVE-2025-62221 (CVSS score: 7.8), a use-after-free in Windows Cloud Files Mini Filter Driver that could allow an authorized attacker to elevate privileges locally and obtain SYSTEM permissions.
About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Timeline
-
10.12.2025 10:50 2 articles · 7mo ago
CISA adds CVE-2025-62221 to KEV catalog and orders federal patching
Legal Policy Action UpdateCISA added CVE-2025-62221, a use-after-free in the Windows Cloud Files Mini Filter Driver that is being actively exploited in the wild, to the Known Exploited Vulnerabilities (KEV) catalog and required Federal Civilian Executive Branch (FCEB) agencies to apply the patch by December 30, 2025.
Show sources
- Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days — thehackernews.com — 10.12.2025 10:50
- Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days — thehackernews.com — 10.12.2025 10:50