November brought a noticeable slowdown after October’s surge. We tracked 81 unique vulnerabilities, and these were addressed through 59 version releases. The number of vulnerable applications also dropped sharply to 37, a big change from the 100 we saw last month. Overall, it was a quieter period for remediation, with fewer issues and fewer patches compared to October.
Notable Vulnerabilities in November 2025 Third-Party Patches
Once again, we have a Chromium vulnerability, CVE-2025-13223, affecting multiple browsers. This vulnerability is actively exploited, as confirmed by Google and CISA. It was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on Nov 19, 2025. The vulnerability allows an attacker to corrupt memory and potentially achieve remote code execution if a user visits a malicious webpage. The flaw requires user interaction but no privileges. More information can be found in Google’s release notes and CISA’s KEV.
CVE-2025-41244, on the other hand, is a local privilege escalation vulnerability that has been exploited in the wild. The root cause is the service discovery script, which can execute binaries from user-writable directories like /tmp. An attacker with local access could place a malicious file there, and when VMware Tools runs its discovery process, that file gets executed with elevated privileges. More information can be found in Broadcom’s advisory notification and on CISA’s KEV.
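One way to hunt for the condition described above, as an added example that is not Broadcom's code or guidance: list running processes whose executable sits under a directory that an unprivileged user can write to. It assumes Linux with /proc, and the function names are hypothetical.

```python
import os
import stat


def untrusted_dir(exe_path, trusted_uids=frozenset({0}), stop_at="/"):
    """Return the first ancestor directory of exe_path that an unprivileged
    user could write to, or None if every directory up to stop_at is trusted.

    A directory is treated as untrusted when it is group- or other-writable
    (this includes sticky directories such as /tmp) or when its owner is not
    in trusted_uids. The check is deliberately conservative.
    """
    stop_at = os.path.realpath(stop_at)
    current = os.path.dirname(os.path.realpath(exe_path))
    while True:
        st = os.stat(current)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) or st.st_uid not in trusted_uids:
            return current
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            return None
        current = parent


def scan_proc(proc_root="/proc"):
    """Yield (pid, exe, untrusted_directory) for running processes."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
            bad = untrusted_dir(exe)
        except OSError:
            continue  # kernel thread, exited process, or insufficient rights
        if bad:
            yield int(entry), exe, bad


if __name__ == "__main__":
    # Run as root to see every process; each hit deserves a closer look.
    for pid, exe, bad in scan_proc():
        print(f"pid={pid} exe={exe} writable_dir={bad}")
```

A hit is not proof of exploitation, since legitimate software sometimes runs from user-owned paths, but a process image under /tmp on a guest running VMware Tools is worth triaging.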
CVE-2024-12718 is a flaw in Python’s tarfile module affecting version 3.12 and later. The CVSS rating for this vulnerability is currently a critical 10. More information can be found on GitHub.
There were no vulnerabilities with a noticeable increase in EPSS in November.
Browser Security Updates in November 2025
Major browsers, including Google Chrome, Microsoft Edge, Brave, Mozilla Firefox (including ESR versions), Opera One, and Vivaldi received numerous security updates addressing various vulnerabilities.
| Browser | Vulnerabilities | Updates |
| --- | --- | --- |
| Google Chrome | 8 | 3 |
| Microsoft Edge | 6 | 3 |
| Brave Browser | 8 | 3 |
| Mozilla Firefox 140 | 9 | 1 |
| Vivaldi | 1 | 1 |
| Waterfox | 4 | 1 |
Microsoft Product Updates Included in November 2025 Third-Party Patches
In addition to Edge, Microsoft issued security updates for several other products:
- Microsoft Azure CLI
- Microsoft 365 Apps
- Microsoft Project
- Microsoft Visio
- Microsoft Visual Studio Code
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
Detailed List of November 2025 Third-Party Patches
For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.
| Product Name | Version Name | Vulnerabilities remediated |
| --- | --- | --- |
| Apache OpenOffice 4 | 4.1.16 | 7 |
| Brave Browser | 1.84.141 | 2 |
| Brave Browser | 1.84.139 | 1 |
| Brave Browser | 1.84.135 | 5 |
| Burp Suite Community Edition | 2025.11.2 | 2 |
| Burp Suite Professional Edition | 2025.11.2 | 2 |
| Datadog Agent | 7.72.0 | 2 |
| EnterpriseDB Corporation PostgreSQL 14 | 14.20.1 | 2 |
| EnterpriseDB Corporation PostgreSQL 15 | 15.15.1 | 2 |
| EnterpriseDB Corporation PostgreSQL 16 | 16.11.1 | 2 |
| EnterpriseDB Corporation PostgreSQL 17 | 17.7.1 | 2 |
| EnterpriseDB Corporation PostgreSQL 17 | 17.7 | 2 |
| EnterpriseDB Corporation PostgreSQL 18 | 18.1.1 | 2 |
| Google Chrome | 142.0.7444.176 | 2 |
| Google Chrome | 142.0.7444.162 | 1 |
| Google Chrome | 142.0.7444.135 | 5 |
| Google Chrome for Business | 142.0.7444.176 | 2 |
| Google Chrome for Business | 142.0.7444.163 | 1 |
| Google Chrome for Business | 142.0.7444.135 | 5 |
| Google Chrome for Education | 142.0.7444.176 | 2 |
| Google Chrome for Education | 142.0.7444.163 | 1 |
| Google Chrome for Education | 142.0.7444.135 | 5 |
| IBM Semeru Runtime Open Edition JDK 25 | 25.0.1.8 | 2 |
| Liberica JDK | 11.0.29.12 | 4 |
| Liberica JDK | 25.0.1.13 | 4 |
| Liberica JDK | 8.0.472.11 | 4 |
| Liberica JDK | 17.0.17.15 | 4 |
| Liberica JDK Lite | 25.0.1.13 | 4 |
| Liberica JDK Lite | 21.0.9.15 | 4 |
| Liberica JDK Lite | 11.0.29.12 | 4 |
| Liberica JDK Lite | 8.0.472.11 | 4 |
| Liberica JRE | 25.0.1.13 | 4 |
| Liberica JRE | 21.0.9.15 | 4 |
| Liberica JRE | 11.0.29.12 | 4 |
| Liberica JRE | 8.0.472.11 | 4 |
| Microsoft 365 Apps | 2502 (Build 16.0.18526.20660) | 11 |
| Microsoft 365 Apps | 2510 (Build 16.0.19328.20190) | 11 |
| Microsoft 365 Apps | 2509 (Build 16.0.19231.20246) | 11 |
| Microsoft Azure CLI | 2.79.0 | 2 |
| Microsoft Edge for Business | 142.0.3595.90 | 2 |
| Microsoft Edge for Business | 142.0.3595.80 | 1 |
| Microsoft Edge for Business | 142.0.3595.65 | 3 |
| Microsoft Project | 2510 (Build 16.0.19328.20190) | 11 |
| Microsoft Visio | 2510 (Build 16.0.19328.20190) | 11 |
| Microsoft Visual Studio 2022 Enterprise | 17.14.36705.20 | 1 |
| Microsoft Visual Studio 2022 Professional | 17.14.36705.20 | 1 |
| Microsoft Visual Studio Code | 1.106.2 | 1 |
| Mozilla Firefox | 145.0 | 16 |
| Mozilla Firefox ESR 140 | 140.5.0 | 9 |
| Mozilla Firefox ESR 140 | 140.5.0 | 6 |
| Mozilla Thunderbird | 145.0 | 16 |
| Mozilla Thunderbird ESR 140 | 140.5.0 | 9 |
| NSwagStudio | 14.6.3 | 1 |
| pgAdmin 4 | 9.10 | 4 |
| Python 3.14 | 3.14.0 | 5 |
| VisualSVN Server | 5.4.5 | 13 |
| Vivaldi | 7.7.3851.52 | 1 |
| VMware Tools 12 | 12.5.4.24964629 | 2 |
| Waterfox | 6.6.5 | 4 |
| Wireshark | 4.4.11 | 1 |
Conclusion
November’s patch activity shows a clear slowdown after October’s surge, but the vulnerabilities that did surface underscore the ongoing importance of consistent, well-structured remediation practices. While fewer applications required attention, critical issues across browsers, Python, and VMware Tools demonstrate that even quieter months carry meaningful security risks. Staying proactive with patch management and aware of emerging threats remains essential as we move into the final stretch of the year. Let’s see what December brings.