Application Management and Patching

May 2025 Third-Party Patches: Notable Vulnerabilities and Updates 


In May 2025, 79 vulnerable applications received 129 updates. These updates remediate 107 unique vulnerabilities. In other words, May isn’t that different from previous months. This month, prioritize zero-day vulnerabilities and those with high Exploit Prediction Scoring System (EPSS) scores. 

[Graph: May 2025 third-party patches]

Notable Vulnerabilities in May 2025 Third-Party Patches 

There were two zero-day vulnerabilities in May. CVE-2025-27363 is a dependency vulnerability affecting Gpg4win (GNU Privacy Guard for Windows), caused by FreeType versions 2.13.0 and below. An out-of-bounds write can occur when parsing font subglyph structures for TrueType GX and variable fonts. The code assigns a signed short value to an unsigned long and then adds a static value, which causes a wraparound and leads to an inadequate heap buffer allocation. For more details, see the Gpg4win release notes and the NVD entry.

CVE-2025-4664 is a zero-day flaw that affects several Chromium-based products, including Electron, Microsoft Edge for Business, Google Chrome, Vivaldi, Brave Browser, Burp Suite, and Opera One. A vulnerability in the Loader component of Google Chrome prior to version 136.0.7103.113 allowed remote attackers to exploit insufficient policy enforcement, leading to the potential leakage of cross-origin data through a specially crafted HTML page. For more information, refer to the Google Chrome release notes.

The Exploit Prediction Scoring System (EPSS) scores for the two zero-days are 0.68 and 0.024. Given these scores, prioritize patching these two vulnerabilities first. Another high-risk issue is CVE-2023-48795, affecting TurboVNC, with an EPSS score of 0.67. The flaw originates in a dependency used by OpenSSH before 9.6 (and other products) and can let remote attackers bypass integrity checks. For more information, consult the TurboVNC release notes and NVD entry. 

Browser Security Updates in May 2025 

Browser Vulnerabilities Updates 
Google Chrome 16 
Microsoft Edge 29 
Brave Browser 
Pale Moon 
Mozilla Firefox 12 
Mozilla Firefox ESR 115 
Mozilla Firefox ESR 128 
Opera One 
Vivaldi 
Waterfox 19 

Microsoft Product Updates Included in May 2025 Third-Party Patches 

In addition to Edge, Microsoft issued security updates for several other products. 

  • Microsoft .NET Runtime 8.0 
  • Microsoft .NET Runtime 9.0 
  • Microsoft .NET SDK 8.0 
  • Microsoft .NET SDK 9.0 
  • Microsoft 365 Apps 
  • Microsoft ASP.NET Core Runtime 8.0 
  • Microsoft ASP.NET Core Runtime 9.0 
  • Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 
  • Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 
  • Microsoft Edge Beta 
  • Microsoft Edge for Business 
  • Microsoft Visual Studio 2017 Community 
  • Microsoft Visual Studio 2017 Enterprise 
  • Microsoft Visual Studio 2017 Professional 
  • Microsoft Visual Studio 2019 Community 
  • Microsoft Visual Studio 2019 Enterprise 
  • Microsoft Visual Studio 2019 Professional 
  • Microsoft Visual Studio 2022 Community 
  • Microsoft Visual Studio 2022 Enterprise 
  • Microsoft Visual Studio 2022 Professional 
  • Microsoft Visual Studio Code 
  • Microsoft Visual Studio Feedback Client 2017 
  • Microsoft Visual Studio Team Explorer 2017 
  • Microsoft Visual Studio Team Explorer 2019 
  • Microsoft Visual Studio Team Explorer 2022 
  • Microsoft Windows Desktop Runtime 8.0 
  • Microsoft Windows Desktop Runtime 9.0 

Detailed List of May 2025 Third-Party Patches 

For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.  

ProductName VersionName Vulnerabilities remediated 
Apache Tomcat 10 10.1.41 
Apache Tomcat 11 11.0.7 
Apache Tomcat 9 9.0.105 
Brave Browser 1.78.102 
Brave Browser 1.78.97 
Burp Suite Community Edition 2025.4.2 
Burp Suite Community Edition 2025.5.1 
Burp Suite Professional Edition 2025.4.2 
Burp Suite Professional Edition 2025.5.1 
Chef Workstation 25.5.1084 12 
Chef Workstation for Windows 25.5.1084 12 
Electron 34.5.7 
Electron 35.5.0 
EnterpriseDB Corporation PostgreSQL 13 13.21.1 
EnterpriseDB Corporation PostgreSQL 14 14.18.1 
EnterpriseDB Corporation PostgreSQL 15 15.13.1 
EnterpriseDB Corporation PostgreSQL 16 16.9.1 
EnterpriseDB Corporation PostgreSQL 17 17.5 
EnterpriseDB Corporation PostgreSQL 17 17.5.1 
GNU Emacs 30.1.0 
Google Chrome for Business 136.0.7103.114 
Google Chrome for Business 136.0.7103.93 
Google Chrome for Business 137.0.7151.41 
Google Chrome for Business 137.0.7151.56 
Google Go Programming Language 1.24 1.24.3 
Gpg4win 4.4.1.63067 
IBM Semeru Runtime Open Edition JDK 11 (LTS) 11.0.27.6 
IBM Semeru Runtime Open Edition JDK 17 (LTS) 17.0.15.6 
IBM Semeru Runtime Open Edition JDK 8 (LTS) 8.0.452.9 
IBM Semeru Runtime Open Edition JRE 11 (LTS) 11.0.27.6 
IBM Semeru Runtime Open Edition JRE 17 (LTS) 17.0.15.6 
IBM Semeru Runtime Open Edition JRE 8 (LTS) 8.0.452.9 
Liberica JDK 11.0.27.9 
Liberica JDK 17.0.15.10 
Liberica JDK 8.0.452.11 
Liberica JDK Lite 11.0.27.9 
Liberica JDK Lite 21.0.7.9 
Liberica JDK Lite 8.0.452.11 
Liberica JRE 11.0.27.9 
Liberica JRE 21.0.7.9 
Liberica JRE 8.0.452.11 
MariaDB Server 10.11 10.11.12 
MariaDB Server 10.5 10.5.29.0 
MariaDB Server 10.6 10.6.22 
MariaDB Server 11.4 11.4.6 
Microsoft .NET Runtime 8.0 8.0.16 
Microsoft .NET Runtime 8.0 8.0.16.34815 
Microsoft .NET Runtime 9.0 9.0.5 
Microsoft .NET SDK 8.0 8.0.409 
Microsoft .NET SDK 8.0 8.0.410 
Microsoft .NET SDK 8.0 8.4.1025.26616 
Microsoft .NET SDK 8.0 8.4.925.21804 
Microsoft .NET SDK 9.0 9.0.300 
Microsoft 365 Apps 16.97.25051114 11 
Microsoft 365 Apps 2408 (Build 16.0.17928.20538) 13 
Microsoft 365 Apps 2503 (Build 16.0.18623.20266) 13 
Microsoft 365 Apps 2504 (Build 16.0.18730.20168) 13 
Microsoft ASP.NET Core Runtime 8.0 8.0.16 
Microsoft ASP.NET Core Runtime 8.0 8.0.16.25216 
Microsoft ASP.NET Core Runtime 9.0 9.0.5 
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 8.0.16.25216 
Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 9.0.5 
Microsoft Edge Beta 136.0.3240.50 
Microsoft Edge Beta 137.0.3296.52 13 
Microsoft Edge Beta 137.0.3296.52 11 
Microsoft Edge for Business 136.0.3240.50 
Microsoft Edge for Business 136.0.3240.64 
Microsoft Edge for Business 136.0.3240.76 
Microsoft Edge for Business 137.0.3296.52 11 
Microsoft Edge for Business 137.0.3296.52 13 
Microsoft Visual Studio 2017 Community 15.9.36101.55 
Microsoft Visual Studio 2017 Enterprise 15.9.36101.55 
Microsoft Visual Studio 2017 Professional 15.9.36101.55 
Microsoft Visual Studio 2019 Community 16.11.36107.64 
Microsoft Visual Studio 2019 Enterprise 16.11.36107.64 
Microsoft Visual Studio 2019 Professional 16.11.36107.64 
Microsoft Visual Studio 2022 Community 17.14.36109.1 
Microsoft Visual Studio 2022 Enterprise 17.10.36105.31 
Microsoft Visual Studio 2022 Enterprise 17.10.36117.0 
Microsoft Visual Studio 2022 Enterprise 17.12.36106.13 
Microsoft Visual Studio 2022 Enterprise 17.14.36109.1 
Microsoft Visual Studio 2022 Enterprise 17.8.36105.29 
Microsoft Visual Studio 2022 Professional 17.10.36105.31 
Microsoft Visual Studio 2022 Professional 17.10.36117.0 
Microsoft Visual Studio 2022 Professional 17.12.36106.13 
Microsoft Visual Studio 2022 Professional 17.14.36109.1 
Microsoft Visual Studio 2022 Professional 17.8.36105.29 
Microsoft Visual Studio Code 1.100.1 
Microsoft Visual Studio Feedback Client 2017 15.9.36101.55 
Microsoft Visual Studio Team Explorer 2017 15.9.36101.55 
Microsoft Visual Studio Team Explorer 2019 16.11.36107.64 
Microsoft Visual Studio Team Explorer 2022 17.14.36109.1 
Microsoft Windows Desktop Runtime 8.0 8.0.16.34817 
Microsoft Windows Desktop Runtime 9.0 9.0.5 
Mozilla Firefox 138.0.4 
Mozilla Firefox 139.0 10 
Mozilla Firefox ESR 115 115.23.1 
Mozilla Firefox ESR 115 115.24.0 
Mozilla Firefox ESR 128 128.10.1 
Mozilla Firefox ESR 128 128.11.0 
Mozilla Thunderbird 138.0.1 
Mozilla Thunderbird 139.0 
Mozilla Thunderbird ESR 128 128.10.1 
Mozilla Thunderbird ESR 128 128.10.2 
Mozilla Thunderbird ESR 128 128.11.0 
Node.js 20 LTS 20.19.2 
Node.js 22 LTS 22.15.1 
Node.js 23 23.11.1 
Node.js 24 24.0.2 
Opera One 119.0.5497.38 
Rider 2025.1.2 
Studio 3T 2025.8.0 
TeamCity 2025.03.2 
TurboVNC 3.2 
Vivaldi 7.3.3635.12 
Vivaldi 7.3.3635.14 
VMware Tools 12 12.4.7.24697291 
VMware Tools 12 12.5.2.24697584 
Waterfox 6.5.7 
Waterfox 6.5.7 10 

Conclusion 

Fast third-party patching protects your environment. May’s updates close critical gaps across browsers and apps—tightening security and boosting uptime. Check back next month for fresh insights. 

For a deeper look into how third-party patch management reduces your attack surface, explore our eBook Reduce Your Attack Footprint or follow our App Management and Patching series.
