Stay Ahead of Threats with the Latest Vulnerability Updates for October
Stay up to date on critical cyber risks, Microsoft’s October Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats.
Quick Highlights
- Windows 10 End of Support:
– Final patch released October 14
– No more updates unless enrolled in Extended Security Updates (ESU) or upgraded to Windows 11
– Now is the time to assess your upgrade path
- Microsoft Patch Tuesday:
– 175 vulnerabilities disclosed
– 17 rated Critical, 6 are Zero-Day (3 actively exploited)
- Adobe Security Updates:
– 36 vulnerabilities patched across 12 products
– 24 rated Critical, affecting Illustrator, FrameMaker, Creative Cloud, and more
- High-Severity Advisories from Major Vendors:
– Cisco: 4 high-severity flaws, including SNMP RCE and Secure Boot bypass
– Fortinet: 2 high-severity flaws in FortiPAM and FortiOS
– SAP: 3 critical vulnerabilities in NetWeaver, Print Service, and SRM
– Ivanti: 5 high-severity flaws in EPMM and Neurons for MDM
- Top Threats to Watch:
– Crimson Collective targeting AWS with leaked keys and extortion tactics
– VMware CVE-2025-41244 zero-day exploited for privilege escalation
– Quishing 2.0: QR code phishing attacks evolving in sophistication
– Ransomware Cartel: LockBit, DragonForce & Qilin collaborating
– Oyster Malware via fake Microsoft Teams installers
– Weaponized DFIR Tools: Velociraptor abused in ransomware attacks
– AI-Driven Threats: ShadowLeak zero-click exploit in ChatGPT; AI-generated phishing and malware
Windows 10 Reaches End of Support
As of October 14, 2025, Microsoft has officially ended support for Windows 10. This month’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program.
What This Means for Your Organization:
- No more security patches or bug fixes for Windows 10 devices
- Increased exposure to vulnerabilities and compliance risks
- Continued support requires either:
– Enrolling in Microsoft’s paid ESU program, or
– Upgrading to Windows 11
Need help planning your transition?
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.
Patch Tuesday Summary
Microsoft October 2025 Patch Tuesday
175 vulnerabilities disclosed, including 8 critical and 6 zero-days. By category:
- 80 Elevation of Privilege
- 31 Remote Code Execution
- 28 Information Disclosure
- 11 Security Feature Bypass
- 11 Denial of Service
- 10 Spoofing
Critical Common Vulnerabilities and Exposures (CVEs)
Windows Zero-Days
| CVE-ID | Details | Severity | Exploited? |
|---|---|---|---|
| CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerability | High | Yes |
| CVE-2025-24052 | Windows Agere Modem Driver Elevation of Privilege Vulnerability | High | No |
| CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | High | Yes |
| CVE-2025-47827 | Secure Boot bypass in IGEL OS before 11 | Medium | Yes |
| CVE-2025-0033 | RMP corruption during SNP initialization in AMD Restricted Memory Page | Medium | No |
| CVE-2025-2884 | Out-of-bounds read bug in TCG TPM2.0 reference implementation | Medium | No |
Other Critical CVEs Worth Mentioning
| CVE-ID | Details | Severity | Exploited? |
|---|---|---|---|
| CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-59246, CVE-2025-59218 | Azure Entra ID Elevation of Privilege Vulnerability | Critical | No |
| CVE-2025-59234 | Microsoft Office Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-49708 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Critical | No |
| CVE-2025-59291 | Elevation of Privilege Flaw in Confidential Azure Container Instances | Critical | No |
| CVE-2025-59292 | Elevation of Privilege Flaw in Azure Compute Gallery | Critical | No |
| CVE-2025-59227 | Remote Code Execution Vulnerability in Microsoft Office | Critical | No |
| CVE-2025-59247 | Elevation of Privilege Flaw in Azure PlayFab | Critical | No |
| CVE-2025-59252, CVE-2025-59272, CVE-2025-59286 | M365 Copilot Spoofing Vulnerability | Critical | No |
| CVE-2025-59271 | Elevation of Privilege Flaw in Redis Enterprise | Critical | No |
| CVE-2025-55321 | Spoofing Vulnerability in Azure Monitor Log Analytics | Critical | No |
| CVE-2025-59236 | Remote Code Execution Vulnerability in Microsoft Excel | Critical | No |
| CVE-2016-9535 | Heap Buffer Overflow in LibTIFF | Critical | No |
Third-Party Critical CVEs Worth Mentioning
Adobe Products *
| CVE-ID(s) | Affected Product | Critical Issues | Key Risks |
|---|---|---|---|
| CVE-2025-49552, CVE-2025-49553, CVE-2025-54196 | Connect | 2 Critical | Arbitrary code execution; Security feature bypass |
| CVE-2025-54263, CVE-2025-54264, CVE-2025-54265, CVE-2025-54266, CVE-2025-54267 | Commerce | 2 Critical | Security feature bypass; Privilege escalation; Arbitrary code execution |
| CVE-2025-54271 | Creative Cloud | 0 Critical | Arbitrary file system write |
| CVE-2025-54268, CVE-2025-54278 | Bridge | 1 Critical | Arbitrary code execution; Memory exposure |
| CVE-2025-54279, CVE-2025-61804, CVE-2025-54269, CVE-2025-54270 | Animate | 2 Critical | Arbitrary code execution; Memory exposure |
| CVE-2025-54272, CVE-2025-61796, CVE-2025-61797 | Experience Manager Screens | 0 Critical | Arbitrary code execution |
| CVE-2025-54273, CVE-2025-54274, CVE-2025-54280, CVE-2025-54275 | Substance 3D Viewer | 3 Critical | Arbitrary code execution; Application DoS |
| CVE-2025-54276 | Substance 3D Modeler | 1 Critical | Arbitrary code execution |
| CVE-2025-54281, CVE-2025-54282 | FrameMaker | 2 Critical | Arbitrary code execution |
| CVE-2025-54283, CVE-2025-54284 | Illustrator | 2 Critical | Arbitrary code execution |
| CVE-2025-61798, CVE-2025-61799, CVE-2025-61800, CVE-2025-61801 | Dimension | 4 Critical | Arbitrary code execution |
| CVE-2025-61802, CVE-2025-61803, CVE-2025-61805, CVE-2025-61806, CVE-2025-61807 | Substance 3D Stager | 5 Critical | Arbitrary code execution |
Cisco *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
|---|---|---|---|---|
| CVE-2025-20350, CVE-2025-20351 | Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 | SIP software DoS vulnerabilities | High | No |
| CVE-2025-20313, CVE-2025-20314 | Cisco IOS XE | Secure Boot Bypass | High | No |
| CVE-2025-20352 | Cisco IOS / IOS XE | SNMP RCE & DoS | High | Yes |
| CVE-2025-20160 | Cisco IOS and IOS XE | TACACS+ Authentication Bypass | High | No |
Fortinet *
| CVE-ID | Affected Product | Description | Severity | Exploited? |
|---|---|---|---|---|
| CVE-2025-49201 | FortiPAM and FortiSwitch Manager | Weak authentication allows brute-force bypass | High | No |
| CVE-2025-58325 | FortiOS | Local authenticated attacker can execute system commands | High | No |
Ivanti *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
|---|---|---|---|---|
| CVE-2025-10242, CVE-2025-10243, CVE-2025-10985, CVE-2025-10986 | Ivanti EPMM | OS Command Injection and Path traversals via remote authenticated attacker | High | No |
| CWE-862, CWE-308, CWE-306 | Ivanti Neurons for MDM | Missing authentication and MFA bypass | High | No |
Ivanti October 2025 Security Update →
SAP *
| CVE-ID | Affected Component | Description | Severity | Exploited? |
|---|---|---|---|---|
| CVE-2025-42944 | SAP NetWeaver AS Java | Insecure Deserialization | Critical | No |
| CVE-2025-42937 | SAP Print Service | Directory Traversal Vulnerability | Critical | No |
| CVE-2025-42910 | SAP Supplier Relationship Management | Unrestricted File Upload Flaw | Critical | No |
SAP October 2025 Security Notes →
Google Chrome
- Version: 141.0.7390.107/.108 (Windows and Mac), 141.0.7390.107 (Linux)
- Release Date: October 14, 2025
- Key Fixes: Security fix for CVE-2025-11756
* Not handled by Fortress SRM.
Threat Intelligence Trends – October 2025
The following resources are grouped by threat type / category.
Emerging Threats
Crimson Collective Targeting Cloud Environments
A newly identified threat group, Crimson Collective, has been observed compromising AWS environments using leaked long-term access keys. They escalate privileges via IAM policies, exfiltrate sensitive data, and follow up with extortion attempts. Read more →
Zero-Day Alert: VMware CVE-2025-41244 Privilege Escalation
NVISO Labs identified active exploitation of CVE-2025-41244, a local privilege escalation flaw in VMware’s guest service discovery. The vulnerability allows attackers to elevate privileges and potentially pivot within virtualized environments. Read more →
Quishing 2.0: QR Code Phishing Evolves
Cybercriminals are refining quishing attacks using fake QR codes embedded in emails, flyers, and public spaces. These codes redirect users to phishing sites or initiate malware downloads. Read more →
Ransomware & Malware Deployment
LockBit, DragonForce & Qilin Form Ransomware Cartel
Three major ransomware groups have formed a criminal cartel to coordinate attacks and share infrastructure. Read more →
Malvertising Campaign: Oyster Malware via Fake Teams Installers
Threat actors are using SEO poisoning and malicious ads to distribute trojanized Microsoft Teams installers. These fake installers deploy Oyster (aka Broomstick), a modular backdoor that enables persistent remote access and stealthy data exfiltration. Read more →
Velociraptor DFIR Tool Weaponized
Threat actors are abusing the legitimate Velociraptor forensic tool to deploy ransomware like LockBit and Babuk. This marks a troubling trend of security tools being repurposed for attacks. Read more →
Group: Storm-2603 (China-based)
Cephalus Ransomware via DLL Sideloading
A new ransomware variant, Cephalus, uses DLL sideloading through SentinelOne binaries and RDP access without MFA. Read more →
Cloud & Infrastructure Exploits
SonicWall SSLVPN Exploitation
Akira ransomware actors are exploiting SonicWall VPNs using BYOVD techniques and clearing logs to evade detection. Read more →
Discord Data Breach via Third-Party Vendor
A breach at Discord’s support vendor exposed 70,000 government ID photos and personal data. Read more →
Clop Claims Oracle E-Business Suite Data Theft
The Clop ransomware group has reportedly sent extortion emails claiming to have stolen data from Oracle E-Business Suite environments. While the full scope of the breach is unclear, the tactic aligns with Clop’s recent shift toward data-centric extortion rather than encryption. Read more →
AI-Driven Threats
AI-Powered Malware & Phishing
Russia-linked groups are using AI to generate phishing lures and malware like WRECKSTEEL and GIFTEDCROOK. Read more →
Zero-Click AI Exploit: ShadowLeak Vulnerability in ChatGPT
Radware disclosed ShadowLeak, a zero-click prompt injection vulnerability in ChatGPT’s enterprise integrations. Malicious emails can silently trigger data exfiltration from OpenAI’s servers without user interaction, bypassing traditional security controls. Read more →
Recommended Actions
Mitigations
- Prioritize patching all actively exploited zero-days from Microsoft and VMware.
- Disable unused services on Cisco IOS XE and Fortinet appliances to reduce attack surface.
- Enforce MFA across all cloud and identity platforms.
- Restrict QR code scanning on unmanaged devices to mitigate quishing attacks.
- Update endpoint protection to detect AI-generated malware variants.
Monitoring
- Watch for suspicious authentication attempts in Azure, Fortinet, and Ivanti logs.
- Monitor for unexpected outbound traffic from Teams or Office installations (possible Oyster malware).
- Track file uploads and downloads in SAP SRM and Print Service environments.
- Set alerts for SNMP activity spikes on Cisco devices (possible CVE-2025-20352 exploitation).
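One way to implement the SNMP-spike alert from the list above, as an added example that is not part of the original newsletter: it assumes flow records exported as `<epoch> <src_ip> <dst_ip> <dst_port> <packets>` lines (a constructed format; device and poller addresses are also constructed) and flags a device whose per-minute UDP/161 packet count jumps above its own recent baseline.

```python
"""Per-device SNMP request-rate spike alerting (added illustration, not the
newsletter's own code). Input: constructed flow records, one per line,
'<epoch_seconds> <src_ip> <dst_ip> <dst_port> <packets>'."""
from collections import defaultdict
from statistics import mean, pstdev

SNMP_PORT = 161
WINDOW = 60  # seconds per bucket

# Constructed sample: a monitoring poller (10.0.5.5) polls two devices at a
# steady ~10 packets/min; in the last minute an unknown host (192.0.2.77)
# sends 1480 SNMP packets to 10.0.0.1. The final line is HTTPS, not SNMP.
SAMPLE_FLOWS = """\
1700000000 10.0.5.5 10.0.0.1 161 12
1700000060 10.0.5.5 10.0.0.1 161 10
1700000120 10.0.5.5 10.0.0.1 161 11
1700000180 10.0.5.5 10.0.0.1 161 9
1700000240 10.0.5.5 10.0.0.1 161 12
1700000300 10.0.5.5 10.0.0.1 161 10
1700000300 192.0.2.77 10.0.0.1 161 1480
1700000000 10.0.5.5 10.0.0.2 161 10
1700000060 10.0.5.5 10.0.0.2 161 11
1700000120 10.0.5.5 10.0.0.2 161 10
1700000180 10.0.5.5 10.0.0.2 161 12
1700000240 10.0.5.5 10.0.0.2 161 9
1700000300 10.0.5.5 10.0.0.2 161 11
1700000300 10.0.5.5 10.0.0.1 443 5000
""".splitlines()

def bucket_snmp_packets(lines):
    """Return {dst_ip: {bucket_start: packets}} counting only UDP/161 traffic."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, _src, dst, dport, pkts = line.split()
        if int(dport) != SNMP_PORT:
            continue
        counts[dst][int(ts) // WINDOW * WINDOW] += int(pkts)
    return counts

def snmp_spikes(lines, k=3.0, min_packets=200):
    """Flag (device, bucket_start, packets) for every bucket whose count exceeds
    mean + k*stddev of that device's earlier buckets AND an absolute floor.
    The floor stops a quiet device with near-zero variance from alerting on noise."""
    alerts = []
    for dst, buckets in bucket_snmp_packets(lines).items():
        starts = sorted(buckets)
        series = [buckets[b] for b in starts]
        for i in range(2, len(series)):  # need at least two prior buckets
            baseline = series[:i]
            threshold = max(mean(baseline) + k * pstdev(baseline), min_packets)
            if series[i] > threshold:
                alerts.append((dst, starts[i], series[i]))
    return alerts

if __name__ == "__main__":
    for dst, start, pkts in snmp_spikes(SAMPLE_FLOWS):
        print(f"ALERT {dst}: {pkts} SNMP packets in window starting {start}")
```

Tune `k` and `min_packets` to the polling cadence of your own NMS; the sample's spike is caught by the absolute floor, while busier pollers are judged against their statistical baseline.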
Detection Tips
- Use YARA or Sigma rules to detect:
– Velociraptor misuse in ransomware campaigns
– ShadowLeak zero-click exploit indicators in AI platforms
- Deploy honeypots or deception tools to detect brute-force attempts on FortiPAM and Secure Boot bypass attempts on Cisco IOS XE.
- Leverage threat intel feeds to identify Crimson Collective and LockBit cartel infrastructure.
About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering
Why Patching Matters
Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities.
Vigilant Managed Cyber Hygiene
Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management.
- Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications
- Critical patches, OS upgrades, and configuration updates for all devices, on/off network
- 24/7/365 U.S.-based monitoring and real-time reporting for full visibility
Stay Protected. Stay Proactive.
Learn how Fortress SRM can enhance your cybersecurity strategy →
