Application Management and Patching
April 2025 Third-Party Patches: Notable Vulnerabilities and Updates
Every key metric rose in April. Software releases equaled the number of unique vulnerabilities. The number of vulnerable applications rose from 58 in March to 85 in April.

Beginning this month, I refined the patch-priority logic. In the past, I recommended prioritizing only zero-day vulnerabilities and vulnerabilities with a critical CVSS rating. CVSS alone can’t guide remediation priorities. Therefore, I started using EPSS (Exploit Prediction Scoring System) as one of the factors to sharpen prioritization recommendations. EPSS assigns a 0-to-1 score predicting the chance of exploitation within 30 days. You can read my recent blog post to learn more about patch prioritization best practices.
Notable Vulnerabilities in April 2025 Third-Party Patches
April included one zero-day: CVE-2025-2783 in Google Chrome (< 134.0.6998.177 for Windows). A malformed handle in the Mojo component lets a remote attacker escape the sandbox via a crafted file. The following Chromium-based products are affected too:
- Microsoft Edge
- Burp Suite
More information can be found on Google’s release notes page. Patching these products will also remediate another vulnerability, CVE-2025-2476, which has an elevated EPSS score of 0.026 (on a scale of 0 to 1).
pgAdmin 4 versions before 9.2 have an RCE (Remote Code Execution) vulnerability. Exploitation of this vulnerability (CVE-2025-2945) could enable an attacker to execute arbitrary code on the affected system, which may result in unauthorized access, data compromise, or system control. Its EPSS score is 0.31 (on a scale of 0 to 1) and its CVSS score is 9.9. The average EPSS score across all 138 vulnerabilities this month is 0.0008, so the likelihood of this vulnerability being exploited is well above the normal level, and remediating it should be a high priority. More information about the vulnerability can be found on the pgAdmin GitHub page.
CVE-2025-26682 affects multiple Microsoft products, including Visual Studio, .NET, ASP.NET Core Runtime, and Windows Desktop Runtime. Because of its elevated EPSS score, we recommend prioritizing the patching of these products too. The full list of affected products and other information can be found in the MSRC update guide.
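The prioritization logic described in this post (zero-day, critical CVSS, or an EPSS score well above the month's average), sketched as an added example that is not the author's own tooling. The 9.0 CVSS cut-off, the 10x EPSS multiplier and the constructed CVE-EXAMPLE-0001 entry are assumptions; the other scores are the ones quoted above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

MONTH_MEAN_EPSS = 0.0008  # post: average EPSS over April's 138 vulnerabilities
CRITICAL_CVSS = 9.0       # assumption: start of the CVSS "critical" band
EPSS_LIFT_MIN = 10.0      # assumption: 10x the monthly mean counts as elevated

@dataclass
class Vuln:
    cve: str
    product: str
    zero_day: bool = False
    cvss: Optional[float] = None  # None = score not given in the post
    epss: Optional[float] = None

def epss_lift(v: Vuln, baseline: float = MONTH_MEAN_EPSS) -> Optional[float]:
    """EPSS as a multiple of the monthly mean; None when the score is unknown."""
    return None if v.epss is None or baseline <= 0 else v.epss / baseline

def reasons(v: Vuln) -> List[str]:
    """Every rule that puts this vulnerability on the priority list."""
    out = []
    if v.zero_day:
        out.append("zero-day")
    if v.cvss is not None and v.cvss >= CRITICAL_CVSS:
        out.append("critical CVSS")
    lift = epss_lift(v)
    if lift is not None and lift >= EPSS_LIFT_MIN:
        out.append("elevated EPSS")
    return out

def prioritize(vulns: List[Vuln]) -> List[Tuple[Vuln, List[str]]]:
    """Flagged items only: zero-days first, then by EPSS, then by CVSS."""
    flagged = [(v, reasons(v)) for v in vulns if reasons(v)]
    flagged.sort(key=lambda p: (not p[0].zero_day, -(p[0].epss or 0.0), -(p[0].cvss or 0.0)))
    return flagged

SAMPLE = [  # page values, plus one constructed low-risk entry for contrast
    Vuln("CVE-2025-2476", "Google Chrome", epss=0.026),
    Vuln("CVE-2025-2945", "pgAdmin 4", cvss=9.9, epss=0.31),
    Vuln("CVE-EXAMPLE-0001", "constructed entry", cvss=7.5, epss=0.0005),
    Vuln("CVE-2025-2783", "Google Chrome", zero_day=True),
]

if __name__ == "__main__":
    for v, why in prioritize(SAMPLE):
        lift = epss_lift(v)
        note = f"{lift:.0f}x month mean" if lift is not None else "EPSS n/a"
        print(f"{v.cve:17} {v.product:18} {note:18} {', '.join(why)}")
```

A missing score is treated as unknown rather than zero, so an entry with no EPSS or CVSS value can still be flagged by another rule, as the zero-day is here.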
Browser Security Updates in April 2025
Browser | Vulnerabilities | Updates |
Google Chrome | 16 | 4 |
Microsoft Edge | 44 | 4 |
Brave Browser | 11 | 3 |
Pale Moon | 2 | 1 |
Mozilla Firefox | 18 | 3 |
Mozilla Firefox ESR 115 | 8 | 3 |
Mozilla Firefox ESR 128 | 9 | 2 |
Microsoft Product Updates Included in April 2025 Third-Party Patches
In addition to Edge, Microsoft issued security updates for several other products.
- Microsoft .NET Runtime 8.0
- Microsoft .NET Runtime 9.0
- Microsoft .NET SDK 8.0
- Microsoft .NET SDK 9.0
- Microsoft 365 Apps
- Microsoft ASP.NET Core Runtime 8.0
- Microsoft ASP.NET Core Runtime 9.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 8.0
- Microsoft ASP.NET Core Runtime Hosting Bundle 9.0
- Microsoft Edge Beta
- Microsoft Edge for Business
- Microsoft Remote Desktop
- Microsoft Visual Studio 2022 Enterprise
- Microsoft Visual Studio 2022 Professional
- Microsoft Visual Studio Code
- Microsoft Visual Studio Tools for Applications
- Microsoft Windows Desktop Runtime 8.0
- Microsoft Windows Desktop Runtime 9.0
- OpenJDK 11
- OpenJDK 17
- OpenJDK 21
Detailed List of April 2025 Third-Party Patches
For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below, generated using Application Workspace data.
ProductName | VersionName | Vulnerabilities remediated |
Akeo Consulting Rufus | 4.7 | 1 |
Amazon Corretto JDK 21 | 21.0.7.6.1 | 3 |
Amazon Corretto JDK 24 | 24.0.1.9.1 | 3 |
Apache Tomcat 10 | 10.1.40 | 2 |
Apache Tomcat 11 | 11.0.6 | 2 |
Apache Tomcat 9 | 9.0.104 | 2 |
Autodesk AutoCAD 2022 | 2022.1.6 | 34 |
Autodesk AutoCAD 2023 | 2023.1.7 | 34 |
Autodesk AutoCAD 2024 | 2024.1.7 | 32 |
Autodesk AutoCAD LT 2022 | 2022.1.6 | 7 |
Autodesk AutoCAD LT 2023 | 2023.1.7 | 7 |
Autodesk AutoCAD LT 2024 | 2024.1.7 | 6 |
Autodesk Revit 2024 | 2024.3.2 | 1 |
Brave Browser | 1.77.95 | 9 |
Brave Browser | 1.77.97 | 1 |
Brave Browser | 135.1.77.97 | 1 |
Burp Suite Community Edition | 2025.3 | 1 |
Burp Suite Community Edition | 2025.3.1 | 8 |
Burp Suite Community Edition | 2025.4.1 | 2 |
Burp Suite Professional Edition | 2025.3 | 1 |
Burp Suite Professional Edition | 2025.3.1 | 8 |
Burp Suite Professional Edition | 2025.4.1 | 2 |
Chef Infra Client | 18.7.3 | 1 |
Chef Infra Client for Windows 10 | 18.7.3 | 1 |
Chef Infra Client for Windows 11 | 18.7.3 | 1 |
Chef Infra Client for Windows Server 2016 | 18.7.3 | 1 |
Chef Infra Client for Windows Server 2019 | 18.7.3 | 1 |
Chef Infra Client for Windows Server 2022 | 18.7.3 | 1 |
Docker Desktop | 4.41.0 | 1 |
Docker Desktop | 4.41.0.190950 | 1 |
GoLand | 2025.1 | 1 |
Google Chrome for Business | 136.0.7103.49 | 4 |
Google Chrome for Business | 135.0.7049.42 | 9 |
Google Chrome for Business | 135.0.7049.85 | 1 |
Google Chrome for Business | 135.0.7049.96 | 2 |
Google Chrome for Education | 136.0.7103.49 | 4 |
Google Chrome for Education | 135.0.7049.42 | 9 |
Google Chrome for Education | 135.0.7049.85 | 1 |
Google Chrome for Education | 135.0.7049.96 | 2 |
Google Go Programming Language 1.23 | 1.23.8 | 1 |
Google Go Programming Language 1.24 | 1.24.2 | 1 |
Helix Visual Client (P4V) | 2025.2 | 2 |
Helm | 3.17.3 | 2 |
Mendix 10 | 10.18.5.65446 | 2 |
Mendix 10 | 10.12.16.66308 | 2 |
Mendix 10 | 10.6.22.66146 | 2 |
Mendix 9 | 9.24.34.65277 | 1 |
Microsoft .NET Runtime 8.0 | 8.0.15.34714 | 1 |
Microsoft .NET Runtime 8.0 | 8.0.15 | 1 |
Microsoft .NET Runtime 9.0 | 9.0.4 | 1 |
Microsoft .NET SDK 8.0 | 8.4.825.16805 | 1 |
Microsoft .NET SDK 8.0 | 8.0.408 | 1 |
Microsoft .NET SDK 9.0 | 9.0.203 | 1 |
Microsoft 365 Apps | 2503 (Build 16.0.18623.20178) | 11 |
Microsoft 365 Apps | 2502 (Build 16.0.18526.20286) | 1 |
Microsoft 365 Apps | 2408 (Build 16.0.17928.20512) | 11 |
Microsoft 365 Apps | 2502 (Build 16.0.18526.20264) | 11 |
Microsoft 365 Apps | 16.96.25041326 | 13 |
Microsoft ASP.NET Core Runtime 8.0 | 8.0.15 | 1 |
Microsoft ASP.NET Core Runtime 8.0 | 8.0.15.25165 | 1 |
Microsoft ASP.NET Core Runtime 9.0 | 9.0.4 | 1 |
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 | 8.0.15.25165 | 1 |
Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 | 9.0.4 | 1 |
Microsoft Edge Beta | 135.0.3179.54 | 11 |
Microsoft Edge Beta | 135.0.3179.54 | 16 |
Microsoft Edge for Business | 135.0.3179.54 | 15 |
Microsoft Edge for Business | 135.0.3179.54 | 16 |
Microsoft Edge for Business | 135.0.3179.85 | 2 |
Microsoft Edge for Business | 135.0.3179.73 | 11 |
Microsoft Remote Desktop | 1.2.6186.0 | 1 |
Microsoft Remote Desktop | 1.2.6081.0 | 1 |
Microsoft Visual Studio 2022 Enterprise | 17.10.35931.201 | 3 |
Microsoft Visual Studio 2022 Enterprise | 17.12.35931.192 | 3 |
Microsoft Visual Studio 2022 Enterprise | 17.8.35931.193 | 3 |
Microsoft Visual Studio 2022 Enterprise | 17.13.35931.197 | 3 |
Microsoft Visual Studio 2022 Professional | 17.13.35931.197 | 3 |
Microsoft Visual Studio 2022 Professional | 17.12.35931.192 | 3 |
Microsoft Visual Studio 2022 Professional | 17.8.35931.193 | 3 |
Microsoft Visual Studio 2022 Professional | 17.10.35931.201 | 3 |
Microsoft Visual Studio Code | 1.99.1 | 1 |
Microsoft Visual Studio Tools for Applications | 15.0.36010.0 | 1 |
Microsoft Windows Desktop Runtime 8.0 | 8.0.15.34718 | 1 |
Microsoft Windows Desktop Runtime 9.0 | 9.0.4 | 1 |
Mozilla Firefox | 138.0 | 9 |
Mozilla Firefox | 137.0 | 8 |
Mozilla Firefox | 137.0.2 | 1 |
Mozilla Firefox ESR 115 | 115.23.0 | 2 |
Mozilla Firefox ESR 128 | 128.10.0 | 6 |
Mozilla Firefox ESR 128 | 128.9.0 | 3 |
Mozilla Thunderbird | 138.0 | 9 |
Mozilla Thunderbird | 137.0.2 | 3 |
Mozilla Thunderbird ESR 128 | 128.10.0 | 6 |
Mozilla Thunderbird ESR 128 | 128.9.2 | 3 |
Mozilla Thunderbird ESR 128 | 128.10.0 | 0 |
Nessus Agent 10 | 10.8.4.20030 | 1 |
OpenJDK 11 | 11.0.27.6 | 5 |
OpenJDK 17 | 17.0.15.6 | 5 |
OpenJDK 21 | 21.0.7.6 | 5 |
OpenVPN | 2.6.14 (2.6.1401) | 1 |
Oracle Java Runtime Environment Version 8 | 8.0.4510.10 | 4 |
Oracle Java SE Development Kit 21 | 21.0.7.0 | 3 |
Oracle Java SE Development Kit 24 | 24.0.1.0 | 3 |
Oracle Java SE Development Kit 8 | 8.0.4510.10 | 4 |
Pale Moon | 33.7.0 | 2 |
pgAdmin 4 | 9.2 | 2 |
Rarlab WinRAR | 7.11 | 1 |
Rarlab WinRAR | 7.11 | 2 |
Red Hat OpenJDK | 17.0.15.0.6 | 3 |
Red Hat OpenJDK | 1.8.4521.9 | 3 |
Red Hat OpenJDK | 21.0.7.0.6 | 3 |
Red Hat OpenJDK | 17.00150.6.1 | 3 |
Red Hat OpenJDK | 8.0.452 | 3 |
Red Hat OpenJDK | 21.0070.6.1 | 3 |
Red Hat OpenJDK JRE | 21.0070.6.1 | 3 |
Red Hat OpenJDK JRE | 8.0.452 | 3 |
Red Hat OpenJDK JRE | 17.00150.6.1 | 3 |
Red Hat OpenJDK JRE | 17.0.15.0.6 | 3 |
Red Hat OpenJDK JRE | 21.0.7.0.6 | 3 |
RubyMine | 2025.1 | 1 |
Studio 3T | 2025.6.0 | 7 |
Studio 3T | 2025.7.0 | 7 |
TeamCity | 2025.03.1 | 3 |
The Document Foundation LibreOffice 24 | 24.8.6.2 | 1 |
The Document Foundation LibreOffice 25 | 25.2.2.2 | 1 |
Zulu JDK 11 (LTS) | 11.80.21 | 5 |
Zulu JDK 11 (LTS) | 11.80.21 | 0 |
Zulu JDK 17 (LTS) | 17.58.21 | 5 |
Zulu JDK 21 (LTS) | 21.42.19 | 5 |
Zulu JDK 24 (STS) | 24.30.11.0 | 3 |
Zulu JDK 8 (LTS) | 8.86.0.25 | 5 |
Zulu JRE 11 (LTS) | 11.80.21 | 5 |
Zulu JRE 17 (LTS) | 17.58.21 | 5 |
Zulu JRE 21 (LTS) | 21.42.19 | 5 |
Zulu JRE 24 (STS) | 24.30.11.0 | 3 |
Zulu JRE 8 (LTS) | 8.86.0.25 | 5 |
Conclusion
Fast third-party patching protects your environment. April’s updates close critical gaps across browsers and apps—tightening security and boosting uptime. Check back next month for fresh insights.
For deeper insights into how third-party patch management reduces your attack surface, explore our eBook “Reduce Your Attack Footprint” or follow our App Management and Patching series.