2025 October Patch Tuesday

GoIvanti, 53 slides, Oct 15, 2025

About This Presentation

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There ...


Slide Content

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, October 15, 2025

Copyright © 2025 Ivanti. All rights reserved.
Agenda
▪October 2025 Patch Tuesday Overview
▪In the News
▪Bulletins and Releases
▪Between Patch Tuesdays
▪Q & A

October Patch Tuesday 2025
October Patch Tuesday has a scary amount of
content! 172 CVEs resolved by Microsoft, 14
CVEs resolved by Mozilla, and 36 CVEs resolved
by Adobe. Microsoft resolved 3 exploited and 2
disclosed CVEs and Mozilla has 3 CVEs that are
suspected to be exploited. Adding to the fun is
the end of life of Windows 10, Office 2016 and
2019, and Exchange Server 2016 and 2019.
For more details check out this month's Patch
Tuesday blog.

In the News
▪October End-of-Life Considerations
▪Windows 10
▪Support Options - https://support.microsoft.com/en-us/windows/windows-10-support-has-ended-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
▪Microsoft Exchange Server 2016 and 2019
▪Online option - https://learn.microsoft.com/en-us/exchange/exchange-online
▪On-premise option - https://techcommunity.microsoft.com/blog/exchange/upgrading-your-organization-from-current-versions-to-exchange-server-se/4241305
▪Office 2016 and 2019
▪Options - https://learn.microsoft.com/en-us/microsoft-365-apps/end-of-support/plan-upgrade-older-versions-office#upgrade-from-office-2016-or-office-2019-to-microsoft-365-apps

In the News
▪Oracle silently fixes zero-day exploit leaked by ShinyHunters
▪Oracle Security Alert Advisory - CVE-2025-61884
▪Microsoft restricts IE mode access in Edge after zero-day attacks
▪Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
▪Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code

Publicly Disclosed Vulnerabilities
▪CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
▪CVSS 3.1 Scores: 5.3 / 4.6
▪Severity: Important
▪Impact: Information Disclosure
▪Affected Systems: Windows 11 22H2-25H2, Server 2022, and Server 2025
▪Per Microsoft: This is a vulnerability in TCG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm.

Publicly Disclosed Vulnerabilities (cont)
▪CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability
▪CVSS 3.1 Scores: 7.8 / 7.0
▪Severity: Important
▪Impact: Elevation of Privilege
▪Affected Systems: All currently supported Windows operating systems (not on ARM)
▪Per Microsoft: Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.

Known Exploited Vulnerabilities
▪CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability
▪CVSS 3.1 Scores: 7.8 / 7.2
▪Severity: Important
▪Impact: Elevation of Privilege
▪Affected Systems: All currently supported Windows operating systems (not on ARM)
▪Per Microsoft: Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used.

Known Exploited Vulnerabilities (cont)
▪CVE-2025-47827 Secure Boot bypass in IGEL OS before 11
▪CVSS 3.1 Scores: 4.6 / 4.3
▪Severity: Important
▪Impact: Security Feature Bypass
▪Affected Systems: All currently supported Windows operating systems, including ARM
▪Per Microsoft: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. An attacker who successfully exploited this vulnerability could bypass Secure Boot.

Known Exploited Vulnerabilities (cont)
▪CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
▪CVSS 3.1 Scores: 7.8 / 7.2
▪Severity: Important
▪Impact: Elevation of Privilege
▪Affected Systems: All currently supported Windows operating systems, including ARM
▪Per Microsoft: Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Ivanti Security Updates
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering with us to improve the security of our products.
Ivanti Endpoint Manager (EPM)
Security Advisory: Ivanti Endpoint Manager
Vulnerabilities:
•13 Reported CVSS: 8.8 – 6.5
Affected Versions:
•2024 SU3 SR1 and prior
•2022 SU8 SR2 and prior
Ivanti Endpoint Manager Mobile (EPMM)
Security Advisory: Ivanti EPMM
Vulnerabilities:
•CVE-2025-10242 CVSS: 7.2
•CVE-2025-10243 CVSS: 7.2
•CVE-2025-10985 CVSS: 7.2
•CVE-2025-10986 CVSS: 4.7
Affected Versions:
•12.6.0.1
•12.5.0.2
•12.4.0.3 and all prior
Ivanti Neurons for MDM
Security Advisory: Ivanti Neurons for MDM
Vulnerabilities:
•CWE-862 CVSS: 8.0
•CWE-308 CVSS: 8.1
•CWE-306 CVSS: 5.3
* Does not qualify for CVE designation but reported for transparency. See advisory for details.
Affected Versions:
•R118 and prior

New and Notable Linux Vulnerabilities: 1
CVE-2025-8067
CVSS 3: 8.5
Impact: Desktop distros running UDisks such as Ubuntu, Fedora Workstation, Debian GNOME/KDE, etc.
▪A vulnerability in the Udisks daemon allows unprivileged users to create loop devices through the D-BUS system interface. The loop device handler fails to validate the lower bound of the index parameter, potentially allowing an attacker to specify a negative index value.
▪An unprivileged local user could potentially exploit this to get root privileges.
▪For everyday desktop users, this is a concern, since any local user account could try to exploit it. A malicious program you download could abuse it to escalate privileges.
Mitigation
Debian: Upgrade Debian:11 udisks2 to version 2.9.2-2+deb11u3 or higher.
RHEL: Install the updated package as soon as available.
Ubuntu: Update as soon as possible.
Highlighted by TuxCare

New and Notable Linux Vulnerabilities: 2
CVE-2025-7493
CVSS 3: 8.5
Impact: Red Hat Enterprise Linux
▪A privilege escalation flaw from host to domain administrator was found in FreeIPA.
▪This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName.
▪This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Mitigation
Red Hat has released security updates to address this vulnerability across multiple versions of Red Hat Enterprise Linux (RHEL).
Updates are available for RHEL 8, 9, 9.4 EUS, and 10 through security advisories RHSA-2025:17129, RHSA-2025:17084, RHSA-2025:17088, and RHSA-2025:17085 respectively.
Highlighted by TuxCare

New and Notable Linux Vulnerabilities: 3
CVE-2025-40300
CVSS 3: 6.5
Impact: Platforms running Linux as a hypervisor host (KVM, QEMU, etc.) with multiple tenants/VMs are at highest risk
▪This flaw poses significant risks to cloud computing environments by allowing guest VMs to compromise the hypervisor's user-space processes and undermine the foundational trust model of cloud isolation.
▪The issue specifically affects x86 systems and relates to how branch predictors are managed during virtualization context switches.
Mitigation
Issue IBPB each time the kernel returns to QEMU.
Highlighted by TuxCare

Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Servicing Stack Updates (SSU)
▪https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
▪Windows Server 2012 (not marked)
▪Windows 10
▪Windows 10 Version 1607/Server 2016
Azure and Development Tool Updates
▪.NET 8.0 and 9.0
▪ASP.NET Core 2.3, 8.0 and 9.0
▪Azure Connected Machine Agent
▪Azure Compute Gallery
▪Azure Monitor Agent
▪Microsoft Visual Studio 2017, 2019, and 2022
▪PowerShell 7.4 and 7.5
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
Version Release Date End of Support Date
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
Version Release Date End of Support Date
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
Source: Microsoft

Windows 10 Extended Security Updates (ESU)
Microsoft Support
Windows 10 22H2 reaches EOS Oct 2025
Three years of ESU support
•Year 1 October 15, 2025 – October 13, 2026
•Year 2 October 14, 2026 – October 12, 2027
•Year 3 October 13, 2027 – October 10, 2028
Licensing and Pricing
•Full-year purchase only
•Price doubles each year
•Cloud-based licensing via Windows 365 and Intune
•5 by 5 licensing via manual key download
Ivanti Support
ESU support based on Microsoft releases
Available for three major patch products
•Neurons for Patch Management
•Endpoint Manager
•Security Controls
Familiar model
•Concurrent with Microsoft support years
•Offered as special content
•Requires signed EULA addendum
•Tiered pricing based on required endpoints
•Fixed price throughout life of program

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019 (Version 1809) Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016 (Version 1607) Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪Focused on server long-term stability
▪Major version releases every 2-3 years
▪5 years mainstream and 5 years extended support
▪Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for Intune

Bulletins and Releases

CHROME-251014: Security Update for Chrome Desktop
▪Maximum Severity: High
▪Affected Products: Google Chrome
▪Description: The Stable channel has been updated to 141.0.7390.107/.108 for Windows and Mac and 141.0.7390.107 for Linux. See https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html for more details.
▪Impact: Remote Code Execution
▪Fixes 1 Vulnerability: CVE-2025-11756
▪Restart Required: Requires application restart

MFSA 2025-81: Security Update Firefox 144
▪Maximum Severity: High
▪Affected Products: Security update to Mozilla Firefox 144.0
▪Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. Fixes 14 vulnerabilities with 7 rated High, 6 rated Moderate and 1 rated Low. See https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/ for more details.
▪Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure
▪Fixes 14 Vulnerabilities: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, *CVE-2025-11714, *CVE-2025-11715, CVE-2025-11716, CVE-2025-11717, CVE-2025-11718, CVE-2025-11719, CVE-2025-11720, *CVE-2025-11721
▪Restart Required: Requires application restart
▪Known Issues: None
* CVEs are suspected by the vendor to be exploited in the wild

MFSA 2025-82: Security Update Firefox ESR 115.29
▪Maximum Severity: High
▪Affected Products: Security update to Mozilla Firefox 115.29
▪Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. Fixes 4 vulnerabilities rated High. See https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/ for more details.
▪Impact: Remote Code Execution, Information Disclosure
▪Fixes 4 Vulnerabilities: CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, *CVE-2025-11714
▪Restart Required: Requires application restart
▪Known Issues: None
* CVEs are suspected by the vendor to be exploited in the wild

MFSA 2025-83: Security Update Firefox 140.4
▪Maximum Severity: High
▪Affected Products: Security update to Mozilla Firefox 140.4
▪Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. Fixes 6 vulnerabilities rated High and 2 rated Moderate. See https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/ for more details.
▪Impact: Remote Code Execution, Information Disclosure
▪Fixes 8 Vulnerabilities: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, *CVE-2025-11714, *CVE-2025-11715
▪Restart Required: Requires application restart
▪Known Issues: None
* CVEs are suspected by the vendor to be exploited in the wild

MFSA-2025-84: Security Update for Thunderbird 144
▪Maximum Severity: High
▪Affected Products: Security update to Mozilla Thunderbird 144.0.
▪Description: This update from Mozilla in the Thunderbird email browser addresses 11 vulnerabilities with 7 rated High and 4 rated Moderate. See https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/ for more details.
▪Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and Information Disclosure
▪Fixes 11 Vulnerabilities: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, *CVE-2025-11714, *CVE-2025-11715, CVE-2025-11716, CVE-2025-11719, *CVE-2025-11721
▪Restart Required: Requires application restart
▪Known Issues: None
* CVEs are suspected by the vendor to be exploited in the wild

MFSA-2025-85: Security Update for Thunderbird ESR 140.4
▪Maximum Severity: High
▪Affected Products: Security update to Mozilla Thunderbird 140.4.
▪Description: This update from Mozilla for the Thunderbird email browser fixes 6 vulnerabilities rated High and 2 rated Moderate. See https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/ for more details.
▪Impact: Remote Code Execution, Information Disclosure
▪Fixes 8 Vulnerabilities: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11713, *CVE-2025-11714, *CVE-2025-11715
▪Restart Required: Requires application restart
▪Known Issues: None
* CVEs are suspected by the vendor to be exploited in the wild

APSB25-96: Security Update for Adobe Bridge
▪Maximum Severity: Critical
▪Affected Products: Adobe Bridge versions 14.1.9 (LTS) and 15.2
▪Description: Adobe has released a security update for Adobe Bridge for Windows and
macOS. This update resolves 2 vulnerabilities - 1 rated Critical and 1 rated Important. See
https://helpx.adobe.com/security/products/bridge/apsb25-96.html for more details. Adobe is not
aware of any exploits in the wild for any of the issues addressed in these updates.
▪Impact: Arbitrary Code Execution and Memory Exposure
▪Fixes 2 Vulnerabilities: CVE-2025-54268, CVE-2025-54278
▪Restart Required: Requires application restart

APSB25-97: Security Update for Adobe Animate
▪Maximum Severity: Critical
▪Affected Products: Adobe Animate version 23.0.15 and 24.0.12
▪Description: Adobe has released an update for Adobe Animate for Windows and macOS. This update resolves 4 vulnerabilities – 2 rated Critical and 2 rated Important. See https://helpx.adobe.com/security/products/animate/apsb25-97.html for more details. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪Impact: Arbitrary Code Execution, Memory Exposure
▪Fixes 4 Vulnerabilities: CVE-2025-54269, CVE-2025-54270, CVE-2025-54279, CVE-2025-61804
▪Restart Required: Requires application restart

APSB25-102: Security Update for Adobe Illustrator
▪Maximum Severity: Critical
▪Affected Products: Adobe Illustrator 28.7.10 and Illustrator 29.8
▪Description: Adobe has released an update for Adobe Illustrator for Windows and macOS. This update resolves 2 vulnerabilities – both rated Critical. See https://helpx.adobe.com/security/products/illustrator/apsb25-102.html for more details. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
▪Impact: Arbitrary Code Execution
▪Fixes 2 Vulnerabilities: CVE-2025-54283, CVE-2025-542844
▪Restart Required: Requires application restart

MS25-10-W11: Windows 11 Update
▪Maximum Severity: Critical
▪Affected Products: Microsoft Windows 11 Version 22H2, 23H2, 24H2, 25H2, Server 2025 and Edge Chromium
▪Description: This bulletin references KB 5066793 (22H2/23H2) and KB 5066835 (24H2, 25H2, and Server 2025). See KBs for details of all changes.
▪Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Tampering, Elevation of Privilege, and Information Disclosure
▪Fixes 134 Vulnerabilities: CVE-2025-2884 and CVE-2025-24052 are publicly disclosed. CVE-2025-24990, CVE-2025-47827, and CVE-2025-59230 are known exploited. See the Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires restart
▪Known Issues: For OS covered under KB 5066835, some Digital TV and Blu-ray/DVD apps might not play protected content as expected. Digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Workaround: Install the latest update for your device. However, some apps that use DRM for digital audio might still experience problems.

MS25-10-W10: Windows 10 Update
▪Maximum Severity: Critical
▪Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪Description: This bulletin references multiple KB articles. See Windows 10 and associated server KBs for details of all changes.
▪Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing, Tampering, Elevation of Privilege, and Information Disclosure
▪Fixes 116 Vulnerabilities: CVE-2025-2884 and CVE-2025-24052 are publicly disclosed. CVE-2025-24990, CVE-2025-47827, and CVE-2025-59230 are known exploited. See the Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires restart
▪Known Issues: None reported

MS25-10-OFF: Security Updates for Microsoft Office
▪Maximum Severity: Critical
▪Affected Products: Access 2016, Excel 2016, Office 2016, Office LTSC for Mac 2021 & 2024,
Office Online Server, Office for Android, PowerPoint 2016, Word 2016
▪Description: This security update addresses 13 vulnerabilities in Microsoft Office and
supporting products. This bulletin is based on 9 KB articles plus release notes for the Mac
updates and others.
▪Impact: Remote Code Execution, Information Disclosure
▪Fixes 13 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires application restart
▪Known Issues: None reported

MS25-10-O365: Security Updates for Microsoft 365 Apps
▪Maximum Severity: Critical
▪Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪Description: This security update addresses several vulnerabilities in Microsoft Office.
Information on the security updates is available at
https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
▪Impact: Remote Code Execution, Denial of Service, and Information Disclosure
▪Fixes 16 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
▪Restart Required: Requires application restart
▪Known Issues: None reported

MS25-10-EXCH: Security Updates for Exchange Server
▪Maximum Severity: Important
▪Affected Products: Microsoft Exchange Server 2016 CU23, Exchange Server 2019 CU14 & CU15, Exchange Server Subscription Edition
▪Description: This security update addresses 3 vulnerabilities in Microsoft Exchange Server. This bulletin is based on 4 KB articles.
▪Impact: Spoofing, Elevation of Privilege
▪Fixes 3 Vulnerabilities: CVE-2025-53782, CVE-2025-59248, and CVE-2025-59249. No CVEs are known exploited or publicly disclosed.
▪Restart Required: Requires restart
▪Known Issues: None reported

MS25-10-SPT: Security Updates for SharePoint Server
▪Maximum Severity: Important
▪Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪Description: This security update resolves 6 vulnerabilities in Microsoft SharePoint Server.
This bulletin is based on 5 KB articles.
▪Impact: Remote Code Execution, Information Disclosure
▪Fixes 6 Vulnerabilities: CVE-2025-59221, CVE-2025-59222, CVE-2025-59232, CVE-2025-59235,
CVE-2025-59237, and CVE-2025-59228. No CVEs are known exploited or publicly disclosed.
▪Restart Required: Requires application restart
▪Known Issues: None reported

MS25-10-MRNET: Monthly Rollup for Microsoft .NET
▪Maximum Severity: Important
▪Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
▪Description: This update fixes a vulnerability related to inadequate encryption strength in the
.NET framework whereby an attacker could disclose information over a network. This bulletin
references 14 KB articles.
▪Impact: Information Disclosure
▪Fixes 1 Vulnerability: CVE-2025-55248 is not known to be exploited or publicly disclosed.
▪Restart Required: Does not require a system restart after you apply it unless files that are being
updated are locked or are being used.
▪Known Issues: None reported

MS25-10-SONET: Monthly Rollup for Microsoft .NET
▪Maximum Severity: Important
▪Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
▪Description: This update fixes a vulnerability related to inadequate encryption strength in the
.NET framework whereby an attacker could disclose information over a network. This bulletin
references 14 KB articles.
▪Impact: Information Disclosure
▪Fixes 1 Vulnerability: CVE-2025-55248 is not known to be exploited or publicly disclosed.
▪Restart Required: Does not require a system restart after you apply it unless files that are being
updated are locked or are being used.
▪Known Issues: None reported

Between Patch Tuesdays

Windows Release Summary
▪Security Updates (with CVEs): Google Chrome (2), Docker (1), Firefox (2), Firefox ESR (1), Foxit PDF
Editor (1), Foxit PDF Editor (Subscription) (1), Foxit PDF Reader Consumer (1), Greenshot (1), Opera (1),
Thunderbird ESR (1), VMware Tools (2)
▪Security Updates (w/o CVEs): Adobe Illustrator (1), Adobe Bridge (1), Apple Mobile Device Support (1),
Adobe Photoshop (1), Adobe Acrobat DC and Acrobat Reader DC (2), Apache Tomcat (3), Apple iTunes (1),
Cisco Duo Desktop (1), Google Chrome (3), Citrix Workspace App (1), Dell Command Update Windows
Universal Application (1), Devolutions Remote Desktop Manager (4), Dropbox (3), Firefox (2), Google Earth
Pro (1), Git (1), LibreOffice (1), Node.JS (LTS Upper) (1), Notepad++ (1), NextCloud Desktop Client (2),
Opera (4), VirtualBox (1), PDF24 Creator (1), PDF-Xchange PRO (1), PDF-Xchange Editor Plus (1), Plex
Media Server (1), Rocket.Chat Desktop Client (1), Royal TS (1), Screenpresso (1), Snagit (1), Splunk
Universal Forwarder (5), Sourcetree for Windows Enterprise (1), Thunderbird (1), Thunderbird ESR (2),
TeamViewer (2), VSCodium (4), Wazuh Agent (1), Wireshark (3), Zoom Workplace Desktop App (2), Zoom
Outlook Plugin (1), Zoom Rooms App (2), Zoom Workplace VDI App (1)
▪Non-Security Updates: 1Password (2), 8x8 Work Desktop (1), AIMP (2), Bandicut (1), Bitwarden (1),
Camtasia (2), Cisco Webex Teams (1), CyberDuck (1), draw.io (1), Evernote (4), Google Drive File Stream
(2), GoodSync (1), GeoGebra Classic (2), GoTo Connect (1), Logi Options plus (2), RingCentral App
(Machine-Wide Installer) (1), TreeSize Free (1), Xerox Workplace Cloud Client (1)

Windows Third Party CVE Information
▪Google Chrome 140.0.7339.186
▪CHROME-250917, QGC14007339186
▪Fixes 6 Vulnerabilities: CVE-2025-10200, CVE-2025-10201, CVE-2025-10500, CVE-2025-10501,
CVE-2025-10502, CVE-2025-10585
▪Google Chrome 141.0.7390.66
▪CHROME-251007, QGC1410739066
▪Fixes 11 Vulnerabilities: CVE-2025-11206, CVE-2025-11207, CVE-2025-11208, CVE-2025-11209,
CVE-2025-11210, CVE-2025-11211, CVE-2025-11212, CVE-2025-11213, CVE-2025-11215,
CVE-2025-11216, CVE-2025-11219
▪Docker For Windows 4.47.0
▪DOCKER-250925, QDOCKER4470
▪Fixes 1 Vulnerability: CVE-2025-10657
▪Greenshot 1.3.301
▪GRNSHT-251003, QGREEN13301
▪Fixes 1 Vulnerability: CVE-2025-59050

Windows Third Party CVE Information (cont)
▪Firefox 143.0
▪FF-250917, QFF1430
▪Fixes 11 Vulnerabilities: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10530,
CVE-2025-10531, CVE-2025-10532, CVE-2025-10533, CVE-2025-10534, CVE-2025-10535,
CVE-2025-10536, CVE-2025-10537
▪Firefox 143.0.3
▪FF-250930, QFFE14303
▪Fixes 2 Vulnerabilities: CVE-2025-11152, CVE-2025-11153
▪Firefox ESR 140.3.0
▪FFE140-250917, QFFE14030
▪Fixes 7 Vulnerabilities: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532,
CVE-2025-10533, CVE-2025-10536, CVE-2025-10537

Windows Third Party CVE Information (cont)
▪Foxit PDF Editor 13.2.1.23955
▪FPDFE13-250926, QFPDFE132123955
▪Fixes 2 Vulnerabilities: CVE-2025-59802, CVE-2025-59803
▪Foxit PDF Editor (Subscription) 2025.2.1.33197
▪FPDFES-250926, QFPDFE202521
▪Fixes 2 Vulnerabilities: CVE-2025-59802, CVE-2025-59803
▪Foxit PDF Reader Consumer 2025.2.1.33197
▪FPDFRC-250926, QFPDFRC202521
▪Fixes 2 Vulnerabilities: CVE-2025-59802, CVE-2025-59803
▪Opera 122.0.5643.51
▪OPERA-250918, QOP1220564351
▪Fixes 1 Vulnerability: CVE-2025-10585

Windows Third Party CVE Information (cont)
▪Thunderbird ESR 128.14.0
▪TBE-250916, QTB128140
▪Fixes 4 Vulnerabilities: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185
▪VMware Tools 12.5.4
▪VMWT12-250930, QVMWT1254
▪Fixes 3 Vulnerabilities: CVE-2025-41244, CVE-2025-41245, CVE-2025-41246
▪VMware Tools 13.0.5
▪VMWT13-250930, QVMWT1305
▪Fixes 3 Vulnerabilities: CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Apple Release Summary
▪Security Updates (with CVEs): Apple Safari for Sonoma (1), Apple Safari for Sequoia (1),
Apple macOS Sonoma (2), Apple macOS Sequoia (2), Apple macOS Tahoe (2), Docker
Desktop (1), Firefox (2), Firefox ESR (1), Google Chrome (2), Microsoft Edge (4), Microsoft
Office Excel (1), Microsoft Office OneNote (1), Microsoft Office Outlook (1), Microsoft Office
PowerPoint (1), Microsoft Office Word (1), Thunderbird ESR (1), Visual Studio Code (1)
▪Security Updates (w/o CVEs): None
▪Non-Security Updates: 1Password (2), Alfred (2), Adobe Photoshop (1), Adobe Acrobat
Classic (1), Adobe Acrobat DC and Acrobat Reader DC (2), BBEdit (1), Brave (6), Caffeine (1),
Google Chrome (1), Cyberduck (1), Devolutions Remote Desktop Manager (2), Docker
Desktop (1), draw.io (1), Evernote (4), Firefox ESR (1), Figma (2), Google Drive (1), GIMP (1),
Go (1), Grammarly (6), Adobe Illustrator (2), Krisp (2), LibreOffice (1), Obsidian (1), OneDrive
(1), Microsoft Office Excel (3), Microsoft Office OneNote (3), Microsoft Office Outlook (3),
Microsoft Office PowerPoint (3), Microsoft Office Word (3), Microsoft Teams (6), Slack (2),
Spotify (2), Thunderbird ESR (1), Visual Studio Code (3), VSCodium (5), Zoom Client (2)

Apple Updates with CVE Information
▪macOS Sonoma 14.8
▪Fixes 39 Vulnerabilities: See Apple security bulletin for details
▪macOS Sonoma 14.8.1
▪Fixes 1 Vulnerability: CVE-2025-43400
▪macOS Sequoia 15.7
▪Fixes 35 Vulnerabilities: See Apple security bulletin for details
▪macOS Sequoia 15.7.1
▪Fixes 1 Vulnerability: CVE-2025-43400
▪macOS Tahoe 26
▪Fixes 77 Vulnerabilities: See Apple security bulletin for details
▪macOS Tahoe 26.0.1
▪Fixes 1 Vulnerability: CVE-2025-43400
▪Safari 26 for macOS Sonoma and macOS Sequoia
▪Fixes 7 Vulnerabilities: See Apple security bulletin for details

Apple Third Party CVE Information
▪Google Chrome 140.0.7339.186
▪CHROMEMAC-250918
▪Fixes 4 Vulnerabilities: CVE-2025-10500, CVE-2025-10501, CVE-2025-10502, CVE-2025-10585
▪Google Chrome 141.0.7390.66
▪CHROMEMAC-251007
▪Fixes 3 Vulnerabilities: CVE-2025-11211, CVE-2025-11458, CVE-2025-11460
▪Docker For Mac 4.47.0
▪DOCKER-250925, QDOCKER4470
▪Fixes 1 Vulnerability: CVE-2025-10657
▪Visual Studio Code 1.104.2
▪VSCODE-250925
▪Fixes 1 Vulnerability: CVE-2025-10585

Apple Third Party CVE Information (cont)
▪Firefox 143.0
▪FF-250917
▪Fixes 11 Vulnerabilities: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10530,
CVE-2025-10531, CVE-2025-10532, CVE-2025-10533, CVE-2025-10534, CVE-2025-10535,
CVE-2025-10536, CVE-2025-10537
▪Firefox 143.0.3
▪MFSA2025-80
▪Fixes 2 Vulnerabilities: CVE-2025-11152, CVE-2025-11153
▪Firefox ESR 140.3.0
▪FFE140-250917
▪Fixes 7 Vulnerabilities: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532,
CVE-2025-10533, CVE-2025-10536, CVE-2025-10537

Apple Third Party CVE Information (cont)
▪Microsoft Edge 140.0.3485.81
▪MEDGEMAC-250919
▪Fixes 4 Vulnerabilities: CVE-2025-10500, CVE-2025-10501, CVE-2025-10502, CVE-2025-10585
▪Microsoft Edge 140.0.3485.94
▪MEDGEMAC-250925
▪Fixes 4 Vulnerabilities: CVE-2025-10890, CVE-2025-10891, CVE-2025-10892, CVE-2025-59251
▪Microsoft Edge 141.0.3537.57
▪MEDGEMAC-251006
▪Fixes 13 Vulnerabilities: CVE-2025-11205, CVE-2025-11206, CVE-2025-11207, CVE-2025-11208,
CVE-2025-11209, CVE-2025-11210, CVE-2025-11211, CVE-2025-11212, CVE-2025-11213,
CVE-2025-11215, CVE-2025-11216, CVE-2025-11219, CVE-2025-59489
▪Microsoft Edge 141.0.3537.71
▪MEDGEMAC-251009
▪Fixes 2 Vulnerabilities: CVE-2025-11458, CVE-2025-11460

Apple Third Party CVE Information
▪Microsoft Office Excel 16.101
▪EXCEL-250917
▪Fixes 10 Vulnerabilities: CVE-2025-54896, CVE-2025-54898, CVE-2025-54899, CVE-2025-54900,
CVE-2025-54901, CVE-2025-54902, CVE-2025-54903, CVE-2025-54904, CVE-2025-54906,
CVE-2025-54910
▪Microsoft Office OneNote 16.101
▪ONENOTE-250917
▪Fixes 2 Vulnerabilities: CVE-2025-54906, CVE-2025-54910
▪Microsoft Office Outlook 16.101
▪OUTLOOK-250917
▪Fixes 2 Vulnerabilities: CVE-2025-54906, CVE-2025-54910
▪Microsoft Office PowerPoint 16.101
▪POWERPOINT-250917
▪Fixes 2 Vulnerabilities: CVE-2025-54906, CVE-2025-54910

Apple Third Party CVE Information (cont)
▪Microsoft Office Word 16.101
▪WORD-250917
▪Fixes 3 Vulnerabilities: CVE-2025-54905, CVE-2025-54906, CVE-2025-54910
▪Thunderbird ESR 140.3.0
▪TBE-250917
▪Fixes 10 Vulnerabilities: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10530,
CVE-2025-10531, CVE-2025-10532, CVE-2025-10533, CVE-2025-10534, CVE-2025-10536,
CVE-2025-10537

Q & A

Chris Goettl and Todd Schell
Thank You!