October 2025 Patch Tuesday Security Updates from Microsoft, Adobe, SAP, and Ivanti
Microsoft, Adobe, SAP, and Ivanti released a coordinated set of security updates addressing over 200 vulnerabilities as part of the October 2025 Patch Tuesday. Microsoft led the effort by patching more than 175 vulnerabilities, including three that are actively being exploited in the wild. Among the most severe issues is a critical remote code execution vulnerability in Windows Server Update Services, identified as CVE-2025-59287, which could allow unauthenticated attackers to execute arbitrary code via unsafe object deserialization. Two other exploited vulnerabilities, CVE-2025-24990 and CVE-2025-59230, are elevation-of-privilege flaws affecting Windows components. Additionally, Microsoft addressed a Secure Boot bypass vulnerability in Linux-based IGEL OS (CVE-2025-47827) and disclosed several publicly known issues, such as CVE-2025-0033 in AMD EPYC processors, which remains unpatched, as well as flaws in TPM 2.0 reference code and the Agere Modem driver. Seventeen of Microsoft’s patched vulnerabilities were rated as critical, underscoring the urgency for organizations to apply updates.
Adobe released 12 security bulletins covering 36 unique CVEs across a range of products, including Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, Substance 3D Viewer, Substance 3D Modeler, FrameMaker, Illustrator, Dimension, and Substance 3D Stager. The most critical Adobe updates addressed five code execution vulnerabilities in Substance 3D Stager and four in Dimension. Illustrator’s patch fixed two code execution bugs, while Commerce’s update resolved five CVEs, including two security feature bypasses. FrameMaker’s update addressed two critical code execution vulnerabilities. Other Adobe products, such as Animate and Substance 3D Viewer, also received patches for critical issues. Notably, none of the Adobe vulnerabilities were publicly known or under active attack at the time of release.
SAP contributed by issuing 17 security notes, with four addressing critical command execution vulnerabilities in NetWeaver. Ivanti released patches for Endpoint Manager Mobile and Neurons for MDM, though none of these vulnerabilities had been exploited prior to the update. Security teams are strongly advised to prioritize the deployment of these patches to mitigate the risk of exploitation, especially for those vulnerabilities already being targeted by threat actors. The breadth of affected products highlights the ongoing need for comprehensive patch management across diverse enterprise environments. The updates reflect a continued trend of attackers focusing on privilege escalation and remote code execution flaws, which can have significant impact if left unaddressed. Organizations should also be aware of the unpatched AMD EPYC processor vulnerability and monitor for future updates. The coordinated release of these patches demonstrates the industry’s commitment to addressing security risks in a timely manner. Regular review of vendor advisories and prompt application of updates remain critical components of an effective cybersecurity strategy. The October 2025 Patch Tuesday serves as a reminder of the evolving threat landscape and the importance of maintaining up-to-date defenses. Security professionals should review the detailed advisories for each product to ensure all relevant patches are applied. The inclusion of both actively exploited and critical vulnerabilities in this cycle underscores the need for vigilance and rapid response. By addressing these vulnerabilities, organizations can significantly reduce their exposure to cyber threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Microsoft and other vendors release October 2025 security updates
On October 14, 2025, Microsoft and other technology vendors issued their monthly security updates, collectively fixing hundreds of vulnerabilities. The releases were covered in Microsoft's October 2025 Patch Tuesday review and subsequent reporting.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
February 2026 Patch Tuesday Security Updates for Microsoft Windows and Adobe Products
Microsoft and Adobe released their **February 2026 Patch Tuesday** security updates, with Microsoft addressing **58 vulnerabilities** and reporting **six actively exploited zero-day flaws** as part of the month’s fixes. Microsoft also continued its rollout of **replacements for expiring Secure Boot certificates** and shipped the Windows 10 **KB5075912** Extended Security Update (ESU) for eligible systems (e.g., Windows 10 Enterprise LTSC and ESU-enrolled devices), updating builds to **19045.6937** (Windows 10) and **19044.6937** (LTSC 2021). In addition to security fixes, KB5075912 includes reliability remediation for an issue where some **Secure Launch-capable** PCs with **VSM** enabled could not shut down or hibernate after January 2026 security updates. Adobe published **nine security bulletins** covering **44 CVEs** across products including *After Effects, Audition, InDesign, Adobe Bridge, Lightroom Classic,* and multiple *Substance 3D* applications, with several issues rated **Critical** and potentially leading to **code execution** (notably in *After Effects* and *Substance 3D Stager*). Adobe stated that, at release time, none of the addressed vulnerabilities were listed as publicly known or under active attack, contrasting with Microsoft’s disclosure of in-the-wild exploitation for multiple zero-days in the same Patch Tuesday cycle.
Mar 21, 2026
October 2025 Enterprise Software and ICS Security Advisories and Patch Releases
Major enterprise software vendors and industrial control system (ICS) security authorities released coordinated security advisories and patches between October 6 and 14, 2025, addressing critical vulnerabilities across a wide range of products. IBM published multiple security advisories for its products, urging users and administrators to review the details and apply necessary updates to mitigate potential exploitation risks. Dell issued a security advisory for its SupportAssist software for both Home and Business PCs, highlighting a vulnerability in versions prior to 4.8.2.29006 and 4.5.3.25254, respectively, and recommending immediate updates. Red Hat released advisories for vulnerabilities in the Linux kernel affecting several of its enterprise products, including Red Hat CodeReady Linux Builder, Red Hat Enterprise Linux, and Red Hat Enterprise Linux for Real Time, across multiple versions and platforms. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published ICS advisories for vulnerabilities in products from Delta Electronics, Hitachi Energy, and Rockwell Automation, with specific attention to various versions of DIAScreen, Asset Suite, and multiple Rockwell Automation network and firewall solutions, recommending mitigations and updates where available. SAP released its October 2025 monthly security rollup, which included patches for a broad set of products such as SAP NetWeaver AS Java, SAP Print Service, SAP Supplier Relationship Management, SAP Commerce Cloud, SAP Data Hub Integration Suite, SAP Application Server for ABAP, SAP S/4HANA, SAP Financial Service Claims Management, SAP BusinessObjects, and SAP Cloud Appliance Library Appliances. The SAP advisories specifically addressed vulnerabilities in NetWeaver, including unauthenticated remote code execution (RCE) risks, and provided detailed guidance for affected versions. Security researchers highlighted the criticality of the SAP NetWeaver flaw, emphasizing the unauthenticated RCE risk and the urgent need for patching to prevent potential exploitation. The coordinated release of these advisories underscores the ongoing threat landscape facing enterprise and ICS environments, where timely patching and mitigation are essential to maintaining security. Organizations are strongly encouraged to review all relevant advisories, assess their exposure, and implement recommended updates and mitigations without delay. The advisories reflect a broad spectrum of vulnerabilities, from privilege escalation and RCE to authentication bypass and information disclosure, affecting both IT and OT environments. The inclusion of ICS products in the advisories highlights the convergence of IT and OT security concerns and the need for cross-domain vigilance. The security community and government agencies continue to collaborate in disseminating timely information to help organizations defend against emerging threats. The October 2025 patch cycle demonstrates the complexity and interdependence of modern enterprise and industrial systems, where vulnerabilities in widely deployed products can have far-reaching consequences. Proactive vulnerability management, including regular review of vendor advisories and prompt application of patches, remains a cornerstone of effective cybersecurity strategy. Failure to address these advisories could leave organizations exposed to targeted attacks, ransomware, or disruption of critical business and industrial operations. The breadth of affected products and vendors in this cycle serves as a reminder of the persistent and evolving nature of cyber risk in the digital enterprise.
Mar 21, 2026
February Patch Releases Address Actively Exploited Windows Zero-Days and High-Severity Chrome Vulnerabilities
A broad set of February security updates shipped across major vendors, led by **Microsoft** releasing fixes for **59 Windows flaws**, including **six actively exploited zero-days** affecting multiple Windows components with impacts spanning security feature bypass, privilege escalation, and denial-of-service. **Adobe** also issued updates across creative products (e.g., *Audition*, *After Effects*, *InDesign*, *Lightroom Classic*), stating it is not aware of in-the-wild exploitation of the addressed issues. **SAP** published fixes for two critical vulnerabilities: `CVE-2026-0488` (CVSS 9.9), a code/SQL injection issue in SAP CRM and SAP S/4HANA that could enable arbitrary SQL execution and full database compromise, and `CVE-2026-0509` (CVSS 9.6), a missing authorization check in SAP NetWeaver AS ABAP/ABAP Platform that could allow low-privileged users to perform background RFC actions without required `S_RFC` authorization (mitigations include a kernel update and profile parameter changes). Separately, **Google/Chromium** released **Chrome/Chromium 144** updates addressing **11 CVEs** including high-severity issues in **V8** and **Blink** (notably `CVE-2026-1220`, a V8 race condition), with no confirmed public reporting of active exploitation for those Chrome bugs at the time of publication; **Intel and Google** also reported multiple vulnerabilities in **Intel TDX 1.5** (including `CVE-2025-32007`, `CVE-2025-27940`, `CVE-2025-30513`, `CVE-2025-27572`, `CVE-2025-32467`).
Mar 21, 2026