In October the numbers went up quite a bit. Among Setup Store supported applications, there were 128 unique vulnerabilities that were remediated by 160 different version releases. In total, there were 128 vulnerable applications. The number of versions doubled compared to September, and the number of vulnerable applications increased by 55 applications.
Notable Vulnerabilities in October 2025 Third-Party Patches
First, let’s dive into the 2 vulnerabilities that have been actively exploited. CVE-2025-48384 is a vulnerability that affects Chef Workstation for Windows and Chef Workstation for Mac. Chef Workstation is a toolset provided by Chef, a popular configuration management and automation platform. Chef states in their release notes that they updated Git from 2.39.3 to 2.43.7 to resolve the vulnerability. Git is the version control system that manages the lifecycle of Chef code. This vulnerability was added to CISA’s Known Exploited Vulnerabilities Catalog on 2025-08-25. More information about this vulnerability can be found on GitHub.
CVE-2025-41244 is an actively exploited vulnerability that affects VMware Tools 13. VMware Tools is a suite of utilities installed on virtual machines (VMs) to improve performance and manageability. CISA KEV says CVE-2025-41244 lets a local user on a VM gain root access through VMware Tools when SDMP is enabled. The fix is to apply VMware’s patch because attackers are actively exploiting this flaw. More information about the vulnerability can be found on the security advisory by Broadcom.
Another vulnerability worth mentioning is CVE-2025-1094 which affects Rtools 4.3. Rtools, maintained by the R Core Team, is a collection of development tools for Windows that enables users to build R packages from source. According to R Core Team’s changelog this is a vulnerability in PostgreSQL and therefore it indirectly affects Rtools. The EPSS (Exploit Prediction Scoring System) gives an increased score of 0.76. This means there is a very high probability of exploitation within the next 30 days compared to most CVEs.
Browser Security Updates in October 2025
Major browsers, including Google Chrome, Microsoft Edge, Brave, Mozilla Firefox (including ESR versions), Opera One, and Vivaldi received numerous security updates addressing various vulnerabilities.
|
Browser |
Vulnerabilities |
Updates |
|
Google Chrome |
25 |
4 |
|
Microsoft Edge |
42 |
7 |
|
Brave Browser |
46 |
5 |
|
Pale Moon |
2 |
1 |
|
Mozilla Firefox |
15 |
2 |
|
Mozilla Firefox ESR 115 |
4 |
1 |
|
Mozilla Firefox ESR 140 |
8 |
1 |
|
Waterfox |
8 |
1 |
Microsoft Product Updates Included in October 2025 Third-Party Patches
In addition to Edge, Microsoft issued security updates for several other products:
- Microsoft .NET Runtime 8.0
- Microsoft .NET Runtime 9.0
- Microsoft .NET SDK 8.0
- Microsoft .NET SDK 9.0
- Microsoft 365 Apps
- Microsoft ASP.NET Core Runtime 8.0
- Microsoft ASP.NET Core Runtime 9.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 8.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 9.0
- Microsoft Edge Beta
- Microsoft Edge for Business
- Microsoft Project
- Microsoft Remote Desktop
- Microsoft Visio
- Microsoft Visual Studio 2017 Community
- Microsoft Visual Studio 2017 Enterprise
- Microsoft Visual Studio 2017 Professional
- Microsoft Visual Studio 2019 Community
- Microsoft Visual Studio 2019 Enterprise
- Microsoft Visual Studio 2019 Professional
- Microsoft Visual Studio 2022 Community
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
- Microsoft Visual Studio Feedback Client 2017
- Microsoft Visual Studio Team Explorer 2017
- Microsoft Visual Studio Team Explorer 2019
- Microsoft Visual Studio Team Explorer 2022
- Microsoft Windows Desktop Runtime 8.0
- Microsoft Windows Desktop Runtime 9.0
Detailed List of October 2025 Third-Party Patches
For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.
|
ProductName |
VersionName |
Vulnerabilities remediated |
|
Amazon Corretto JDK 11 |
11.0.29.7.1 |
2 |
|
Amazon Corretto JDK 17 |
17.0.17.10.1 |
2 |
|
Amazon Corretto JDK 8 |
8.472.08.1 |
2 |
|
Autodesk Revit 2024 |
2024.3.4 |
4 |
|
Brave Browser |
142.1.84.132 |
20 |
|
Brave Browser |
1.84.132 |
20 |
|
Brave Browser |
1.83.120 |
1 |
|
Brave Browser |
1.83.118 |
1 |
|
Brave Browser |
1.83.108 |
12 |
|
Brave Browser |
1.83.109 |
12 |
|
Burp Suite Community Edition |
2025.9.5 |
3 |
|
Burp Suite Professional Edition |
2025.9.5 |
3 |
|
Chef Infra Client |
18.8.46 |
1 |
|
Chef Infra Client for Windows 10 |
18.8.46 |
1 |
|
Chef Infra Client for Windows 11 |
18.8.46 |
1 |
|
Chef Infra Client for Windows Server 2016 |
18.8.46 |
1 |
|
Chef Infra Client for Windows Server 2019 |
18.8.46 |
1 |
|
Chef Infra Client for Windows Server 2022 |
18.8.46 |
1 |
|
Chef Infra Client for Windows Server 2025 |
18.8.46 |
1 |
|
Chef Workstation |
25.9.1094 |
11 |
|
Chef Workstation for Windows |
25.9.1094 |
11 |
|
dnGrep |
4.6.39.0 |
1 |
|
Docker Desktop |
4.49.0.208700 |
1 |
|
Docker Desktop |
4.49.0 |
1 |
|
EnterpriseDB Corporation PostgreSQL 13 |
13.22.2 |
3 |
|
EnterpriseDB Corporation PostgreSQL 14 |
14.19.2 |
3 |
|
EnterpriseDB Corporation PostgreSQL 15 |
15.14.2 |
3 |
|
EnterpriseDB Corporation PostgreSQL 16 |
16.10.2 |
3 |
|
EnterpriseDB Corporation PostgreSQL 17 |
17.6.2 |
3 |
|
EnterpriseDB Corporation PostgreSQL 17 |
17.6 |
3 |
|
Foxit PDF Editor 2025 |
2025.2.1.33197 |
2 |
|
Git |
2.51.1 |
1 |
|
Git |
2.51.1.1 |
1 |
|
Google Chrome |
142.0.7444.60 |
20 |
|
Google Chrome |
142.0.7444.59 |
20 |
|
Google Chrome |
141.0.7390.107 |
1 |
|
Google Chrome |
141.0.7390.122 |
1 |
|
Google Chrome |
141.0.7390.123 |
1 |
|
Google Chrome |
141.0.7390.108 |
1 |
|
Google Chrome |
141.0.7390.65 |
3 |
|
Google Chrome |
141.0.7390.66 |
3 |
|
Google Chrome for Business |
142.0.7444.60 |
20 |
|
Google Chrome for Business |
141.0.7390.123 |
1 |
|
Google Chrome for Business |
141.0.7390.108 |
1 |
|
Google Chrome for Business |
141.0.7390.66 |
3 |
|
Google Chrome for Education |
142.0.7444.60 |
20 |
|
Google Chrome for Education |
141.0.7390.108 |
1 |
|
Google Chrome for Education |
141.0.7390.123 |
1 |
|
Google Chrome for Education |
141.0.7390.66 |
3 |
|
Google Go Programming Language |
1.24.8 |
10 |
|
Google Go Programming Language |
1.25.2 |
10 |
|
IBM Semeru Runtime Open Edition JDK 11 (LTS) |
11.0.29.7 |
2 |
|
IBM Semeru Runtime Open Edition JDK 17 (LTS) |
17.0.17.10 |
2 |
|
IBM Semeru Runtime Open Edition JDK 21 |
21.0.9.10 |
2 |
|
IBM Semeru Runtime Open Edition JDK 8 (LTS) |
8.0.472.8 |
2 |
|
IBM Semeru Runtime Open Edition JRE 11 (LTS) |
11.0.29.7 |
2 |
|
IBM Semeru Runtime Open Edition JRE 17 (LTS) |
17.0.17.10 |
2 |
|
IBM Semeru Runtime Open Edition JRE 21 |
21.0.9.10 |
2 |
|
IBM Semeru Runtime Open Edition JRE 8 (LTS) |
8.0.472.8 |
2 |
|
Liberica JDK |
8.0.472.9 |
3 |
|
Liberica JDK |
11.0.29.10 |
3 |
|
Liberica JDK |
17.0.17.11 |
3 |
|
Liberica JDK |
25.0.1.11 |
4 |
|
Liberica JDK Lite |
21.0.9.11 |
4 |
|
Liberica JDK Lite |
25.0.1.11 |
4 |
|
Liberica JDK Lite |
8.0.472.9 |
3 |
|
Liberica JDK Lite |
11.0.29.10 |
3 |
|
Liberica JRE |
8.0.472.9 |
3 |
|
Liberica JRE |
11.0.29.10 |
3 |
|
Liberica JRE |
25.0.1.11 |
4 |
|
Liberica JRE |
21.0.9.11 |
4 |
|
Liberica JRE |
8.0.462.11 |
6 |
|
Microsoft .NET Runtime 8.0 |
8.0.21.35325 |
3 |
|
Microsoft .NET Runtime 8.0 |
8.0.21 |
3 |
|
Microsoft .NET Runtime 9.0 |
9.0.10 |
3 |
|
Microsoft .NET SDK 8.0 |
8.4.1525.47604 |
3 |
|
Microsoft .NET SDK 8.0 |
8.0.415 |
3 |
|
Microsoft .NET SDK 9.0 |
9.0.306 |
3 |
|
Microsoft 365 Apps |
2507 (Build 16.0.19029.20274) |
16 |
|
Microsoft 365 Apps |
2509 (Build 16.0.19231.20194) |
16 |
|
Microsoft 365 Apps |
2502 (Build 16.0.18526.20634) |
16 |
|
Microsoft ASP.NET Core Runtime 8.0 |
8.0.21.25475 |
3 |
|
Microsoft ASP.NET Core Runtime 8.0 |
8.0.21 |
3 |
|
Microsoft ASP.NET Core Runtime 9.0 |
9.0.10 |
3 |
|
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 |
8.0.21.25475 |
3 |
|
Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 |
9.0.10 |
3 |
|
Microsoft Edge Beta |
142.0.3595.53 |
21 |
|
Microsoft Edge Beta |
141.0.3537.57 |
12 |
|
Microsoft Edge for Business |
142.0.3595.53 |
21 |
|
Microsoft Edge for Business |
141.0.3537.85 |
3 |
|
Microsoft Edge for Business |
141.0.3537.85 |
1 |
|
Microsoft Edge for Business |
141.0.3537.57 |
12 |
|
Microsoft Edge for Business |
141.0.3537.71 |
2 |
|
Microsoft Edge for Business |
141.0.3537.71 |
3 |
|
Microsoft Project |
2509 (Build 16.0.19231.20194) |
16 |
|
Microsoft Remote Desktop |
1.2.6676.0 |
1 |
|
Microsoft Remote Desktop |
1.2.6674.0 |
1 |
|
Microsoft Remote Desktop |
1.2.6599.0 |
1 |
|
Microsoft Visio |
2509 (Build 16.0.19231.20194) |
16 |
|
Microsoft Visual Studio 2017 Community |
15.9.36602.26 |
1 |
|
Microsoft Visual Studio 2017 Enterprise |
15.9.36602.26 |
1 |
|
Microsoft Visual Studio 2017 Professional |
15.9.36602.26 |
1 |
|
Microsoft Visual Studio 2019 Community |
16.11.36602.28 |
1 |
|
Microsoft Visual Studio 2019 Enterprise |
16.11.36602.28 |
1 |
|
Microsoft Visual Studio 2019 Professional |
16.11.36602.28 |
1 |
|
Microsoft Visual Studio 2022 Community |
17.14.36603.0 |
4 |
|
Microsoft Visual Studio 2022 Enterprise |
17.12.36602.29 |
3 |
|
Microsoft Visual Studio 2022 Enterprise |
17.10.36602.27 |
3 |
|
Microsoft Visual Studio 2022 Enterprise |
17.14.36603.0 |
4 |
|
Microsoft Visual Studio 2022 Professional |
17.14.36603.0 |
4 |
|
Microsoft Visual Studio 2022 Professional |
17.12.36602.29 |
3 |
|
Microsoft Visual Studio 2022 Professional |
17.10.36602.27 |
3 |
|
Microsoft Visual Studio Feedback Client 2017 |
15.9.36602.26 |
1 |
|
Microsoft Visual Studio Team Explorer 2017 |
15.9.36602.26 |
1 |
|
Microsoft Visual Studio Team Explorer 2019 |
16.11.36602.28 |
1 |
|
Microsoft Visual Studio Team Explorer 2022 |
17.14.36603.0 |
4 |
|
Microsoft Windows Desktop Runtime 8.0 |
8.0.21.35325 |
3 |
|
Microsoft Windows Desktop Runtime 9.0 |
9.0.10 |
3 |
|
Mozilla Firefox |
144.0 |
14 |
|
Mozilla Firefox |
144.0.2 |
1 |
|
Mozilla Firefox ESR 115 |
115.29.0 |
4 |
|
Mozilla Firefox ESR 140 |
140.4.0 |
8 |
|
Mozilla Thunderbird |
140.4.0 |
8 |
|
Mozilla Thunderbird |
144.0 |
11 |
|
Mozilla Thunderbird ESR 140 |
140.4.0 |
8 |
|
Mozilla Thunderbird ESR 140 |
140.4.0 |
4 |
|
Notepad++ |
8.8.7 |
1 |
|
Notepad++ |
8.8.6 |
2 |
|
OpenSSL |
3.3.5 |
3 |
|
OpenSSL |
3.5.4 |
3 |
|
OpenSSL |
3.0.18 |
2 |
|
OpenSSL |
3.4.3 |
3 |
|
OpenSSL |
3.2.6 |
3 |
|
OpenSSL Light |
3.0.18 |
2 |
|
OpenSSL Light |
3.2.6 |
3 |
|
OpenSSL Light |
3.3.5 |
3 |
|
OpenSSL Light |
3.4.3 |
3 |
|
OpenSSL Light |
3.5.4 |
3 |
|
Oracle Java Runtime Environment Version 8 |
8.0.4710.09 |
2 |
|
Oracle Java SE Development Kit |
25.0.1.0 |
3 |
|
Oracle Java SE Development Kit |
25.0.1.0 |
6 |
|
Oracle Java SE Development Kit 21 |
21.0.9.0 |
3 |
|
Oracle Java SE Development Kit 25 |
25.0.1.0 |
6 |
|
Oracle Java SE Development Kit 25 |
25.0.1 |
3 |
|
Oracle Java SE Development Kit 8 |
8.0.4710.09 |
2 |
|
Pale Moon |
33.9.1 |
2 |
|
Rancher Desktop |
1.20.1 |
1 |
|
Rtools |
4.4.6459.6401 |
1 |
|
Rtools |
4.3.5976.5975 |
1 |
|
Snagit 2025 |
2025.3.2 |
1 |
|
VMware Tools 13 |
13.0.5.24915695 |
2 |
|
Waterfox |
6.6.4 |
8 |
|
Wireshark |
4.4.10 |
1 |
|
Zulu JDK 11 (LTS) |
11.84.17 |
2 |
|
Zulu JDK 17 (LTS) |
17.62.17 |
2 |
|
Zulu JDK 21 (LTS) |
21.46.19 |
3 |
|
Zulu JDK 25 (LTS) |
25.30.17.0 |
3 |
|
Zulu JDK 8 (LTS) |
8.90.0.19 |
2 |
|
Zulu JRE 11 (LTS) |
11.84.17 |
2 |
|
Zulu JRE 17 (LTS) |
17.62.17 |
2 |
|
Zulu JRE 21 (LTS) |
21.46.19 |
3 |
|
Zulu JRE 25 (LTS) |
25.30.17.0 |
3 |
|
Zulu JRE 8 (LTS) |
8.90.0.19 |
2 |
Conclusion
October saw a significant spike in third-party application vulnerabilities, emphasizing the need for timely patching and vigilant monitoring. With actively exploited CVEs and critical updates across popular tools and browsers, staying current is essential for minimizing risk and maintaining compliance. Keep your patching workflows sharp and check back next month for the latest insights.
