October 2025 Enterprise Software and ICS Security Advisories and Patch Releases
Major enterprise software vendors and industrial control system (ICS) security authorities released coordinated security advisories and patches between October 6 and 14, 2025, addressing critical vulnerabilities across a wide range of products. IBM published multiple security advisories for its products, urging users and administrators to review the details and apply necessary updates to mitigate potential exploitation risks. Dell issued a security advisory for its SupportAssist software for both Home and Business PCs, highlighting a vulnerability in versions prior to 4.8.2.29006 and 4.5.3.25254, respectively, and recommending immediate updates. Red Hat released advisories for vulnerabilities in the Linux kernel affecting several of its enterprise products, including Red Hat CodeReady Linux Builder, Red Hat Enterprise Linux, and Red Hat Enterprise Linux for Real Time, across multiple versions and platforms. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published ICS advisories for vulnerabilities in products from Delta Electronics, Hitachi Energy, and Rockwell Automation, with specific attention to various versions of DIAScreen, Asset Suite, and multiple Rockwell Automation network and firewall solutions, recommending mitigations and updates where available. SAP released its October 2025 monthly security rollup, which included patches for a broad set of products such as SAP NetWeaver AS Java, SAP Print Service, SAP Supplier Relationship Management, SAP Commerce Cloud, SAP Data Hub Integration Suite, SAP Application Server for ABAP, SAP S/4HANA, SAP Financial Service Claims Management, SAP BusinessObjects, and SAP Cloud Appliance Library Appliances. The SAP advisories specifically addressed vulnerabilities in NetWeaver, including unauthenticated remote code execution (RCE) risks, and provided detailed guidance for affected versions. 
Security researchers highlighted the criticality of the SAP NetWeaver flaw, emphasizing the unauthenticated RCE risk and the urgent need for patching to prevent potential exploitation. The coordinated release of these advisories underscores the ongoing threat landscape facing enterprise and ICS environments, where timely patching and mitigation are essential to maintaining security. Organizations are strongly encouraged to review all relevant advisories, assess their exposure, and implement recommended updates and mitigations without delay. The advisories reflect a broad spectrum of vulnerabilities, from privilege escalation and RCE to authentication bypass and information disclosure, affecting both IT and OT environments. The inclusion of ICS products in the advisories highlights the convergence of IT and OT security concerns and the need for cross-domain vigilance. The security community and government agencies continue to collaborate in disseminating timely information to help organizations defend against emerging threats. The October 2025 patch cycle demonstrates the complexity and interdependence of modern enterprise and industrial systems, where vulnerabilities in widely deployed products can have far-reaching consequences. Proactive vulnerability management, including regular review of vendor advisories and prompt application of patches, remains a cornerstone of effective cybersecurity strategy. Failure to address these advisories could leave organizations exposed to targeted attacks, ransomware, or disruption of critical business and industrial operations. The breadth of affected products and vendors in this cycle serves as a reminder of the persistent and evolving nature of cyber risk in the digital enterprise.

How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Red Hat publishes security advisory AV25-659
Red Hat released security advisory AV25-659 for one or more security issues affecting its products. The advisory was published on October 14, 2025.
CISA ICS advisories are issued in control systems bulletin AV25-660
A control systems bulletin referencing CISA ICS security advisories was published, indicating new or updated industrial control systems vulnerability notices. The bulletin was released on October 14, 2025.
IBM publishes security advisory AV25-656
IBM released security advisory AV25-656 covering one or more vulnerabilities in its products. The advisory was published on October 14, 2025.
Dell publishes security advisory AV25-657
Dell released security advisory AV25-657 addressing one or more product security issues. The reference indicates the advisory was publicly issued on October 14, 2025.
SAP releases October 2025 security rollup for NetWeaver flaw
SAP issued its October 2025 monthly security rollup, including a patch for a critical CVSS 10.0 vulnerability in NetWeaver that could allow unauthenticated remote code execution. Multiple references on the same date point to this coordinated vendor advisory and patch release.
Sources
6 references tracked.
IBM security advisory (AV25-656), cyber.gc.ca
SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk, securityonline.info
Dell security advisory (AV25-657), cyber.gc.ca
Red Hat security advisory (AV25-659), cyber.gc.ca
[Control systems] CISA ICS security advisories (AV25-660), cyber.gc.ca
SAP security advisory – October 2025 monthly rollup (AV25-662), cyber.gc.ca


