Stay Ahead of Threats with the Latest Vulnerability Updates for November
Stay up to date on critical cyber risks, Microsoft’s November Patch Tuesday, and other notable third-party vulnerabilities. Timely patching is key to maintaining a strong security posture and protecting your business from threats.
Quick Highlights
- Microsoft Patch Tuesday:
  - 63 vulnerabilities disclosed
  - 4 rated Critical, 1 Zero-Day (actively exploited)
- Adobe Security Updates:
  - 29 vulnerabilities patched across 8 products
  - 23 rated Critical, affecting InDesign, InCopy, Photoshop, Illustrator, Illustrator Mobile, Pass, Substance 3D Stager, and Format Plugins
- High-Severity Advisories from Major Vendors:
  - Cisco: 3 critical-severity flaws and 1 high-severity flaw, in Unified CCX, Secure Firewall ASA, Secure FTD, IOS/IOS XE/IOS XR, ISE RADIUS
  - Fortinet: 1 medium-severity flaw in FortiOS
  - Ivanti: 1 high-severity flaw in Ivanti Endpoint Manager
  - SAP: 3 critical vulnerabilities in NetWeaver AS Java, SQL Anywhere Monitor, and Solution Manager
  - Google Chrome: 1 high-severity flaw fixed in security updates
  - Mozilla Firefox: 9 high-severity flaws fixed in security updates
- Top Threats to Watch:
  - Microsoft Teams Exploitation – Vulnerabilities enabling impersonation, message manipulation, and spoofing in Teams
  - Advanced Persistent Threat (APT) Activity – Increased operations by China-, Iran-, and North Korea-aligned groups
  - AI-Driven Cyberattacks – Threat actors leveraging AI for prompt injection, social engineering, and malware
  - Sophisticated Social Engineering Campaigns – Large-scale smishing, phishing kits like Quantum Route Redirect, and gift card fraud
Windows 10 Reaches End of Support
As of October 14, 2025, Microsoft has officially ended support for Windows 10. October’s Patch Tuesday was the final security update for the OS—unless your organization enrolls in the Extended Security Updates (ESU) program.
- What This Means for Your Organization:
  - No more security patches or bug fixes for Windows 10 devices
  - Increased exposure to vulnerabilities and compliance risks
- Continued support requires either:
  - Enrolling in Microsoft’s paid ESU program, or
  - Upgrading to the latest version of Windows 11
Need help planning your transition?
Fortress SRM can help assess your environment, prioritize upgrades, and ensure your endpoints remain patch-compliant and secure.
Patch Tuesday Summary
Microsoft November 2025 Patch Tuesday
63 vulnerabilities disclosed, including 4 critical and 1 zero-day. By category:
- 29 Elevation of Privilege
- 16 Remote Code Execution
- 11 Information Disclosure
- 3 Denial of Service
- 2 Security Feature Bypass
- 2 Spoofing
Critical Common Vulnerabilities and Exposures (CVEs)
Windows Zero-Days
| CVE-ID | Details | Severity | Exploited? |
| --- | --- | --- | --- |
| CVE-2025-62215 | Windows Kernel Elevation of Privilege Vulnerability | Exploited Zero-Day | Yes |
Other Critical CVEs Worth Mentioning
| CVE-ID | Details | Severity | Exploited? |
| --- | --- | --- | --- |
| CVE-2025-62199 | Microsoft Office Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability | Critical | No |
| CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-60716 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Critical | No |
Microsoft November 2025 Security Update Release
3rd Party Critical CVEs Worth Mentioning
Adobe Products *
| CVE-ID(s) | Affected Product | Critical Issues | Key Risks |
| --- | --- | --- | --- |
| CVE-2025-61814 CVE-2025-61815 CVE-2025-61824 CVE-2025-61832 | InDesign | 4 Critical | Arbitrary Code Execution |
| CVE-2025-61816 CVE-2025-61817 CVE-2025-61818 | InCopy | 3 Critical | Arbitrary Code Execution |
| CVE-2025-61819 | Photoshop | 1 Critical | Arbitrary Code Execution |
| CVE-2025-61820 CVE-2025-61831 | Illustrator | 2 Critical | Arbitrary Code Execution |
| CVE-2025-61826 CVE-2025-61827 CVE-2025-61828 CVE-2025-61829 CVE-2025-61836 | Illustrator Mobile | 5 Critical | Arbitrary Code Execution |
| CVE-2025-61830 | Pass | 1 Critical | Security Feature Bypass |
| CVE-2025-61833 CVE-2025-61834 CVE-2025-64531 CVE-2025-61835 | Substance 3D Stager | 4 Critical | Arbitrary Code Execution |
| CVE-2025-61837 CVE-2025-61838 CVE-2025-61839 CVE-2025-61840 CVE-2025-61841 CVE-2025-61842 CVE-2025-61843 CVE-2025-61844 CVE-2025-61845 | Format Plugins | 3 Critical | Arbitrary Code Execution, Memory Exposure |
Cisco *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
| --- | --- | --- | --- | --- |
| CVE-2025-20354 CVE-2025-20358 | Cisco Unified CCX | Remote Code Execution Vulnerabilities | Critical | No |
| CVE-2025-20363 | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software | Web Services Remote Code Execution Vulnerability | Critical | No |
| CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software | Web Server Remote Code Execution Vulnerability | Critical | Yes |
| CVE-2025-20343 | Cisco Identity Services Engine (ISE) RADIUS | Denial of Service Vulnerability | High | No |
Fortinet *
| CVE-ID | Affected Product | Description | Severity | Exploited? |
| --- | --- | --- | --- | --- |
| CVE-2025-24477 | FortiOS cw_staddaemon | Heap-Based Buffer Overflow Vulnerability | Medium | No |
Ivanti *
| CVE-ID(s) | Affected Product | Description | Severity | Exploited? |
| --- | --- | --- | --- | --- |
| CVE-2025-10918 | Ivanti Endpoint Manager (EPM) | Arbitrary File Write on Disk | High | No |
Ivanti November 2025 Security Update
SAP *
| CVE-ID | Affected Component | Description | Severity | Exploited? |
| --- | --- | --- | --- | --- |
| CVE-2025-42890 | SQL Anywhere Monitor (Non-GUI) | Insecure Key & Secret Management Vulnerability | Critical | No |
| CVE-2025-42944 | SAP NetWeaver AS Java | Security Hardening for Insecure Deserialization | Critical | No |
| CVE-2025-42887 | SAP Solution Manager | Code Injection vulnerability | Critical | No |
| CVE-2025-42940 | SAP CommonCryptoLib | Memory Corruption vulnerability | High | No |
SAP November 2025 Security Notes
Google Chrome
- Version: 142.0.7444.175/.176 (Windows and Mac), 142.0.7444.175 (Linux)
- Release Date: November 11, 2025
- Key Fixes: Security fix for CVE-2025-13223 and CVE-2025-13224
Mozilla Firefox
- Version: Firefox 145
- Release Date: November 11, 2025
- Key Fixes: Security fixes for 9 high-severity CVEs, including CVE-2025-13021, CVE-2025-13022, CVE-2025-13012, CVE-2025-13023, CVE-2025-13016, CVE-2025-13024, CVE-2025-13025, CVE-2025-13026, CVE-2025-13027
* Not handled by Fortress SRM.
Threat Intelligence Trends – November 2025
The following resources are grouped by threat type / category.
Emerging Threats
Exploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed
Check Point Research uncovered four vulnerabilities in Microsoft Teams that allowed attackers to impersonate executives, manipulate messages, spoof notifications, and forge identities in video and audio calls.
APT Activity Report Q2 2025–Q3 2025
ESET’s APT Activity Report for Q2–Q3 2025 highlights increased operations by China-aligned groups using adversary-in-the-middle techniques, Iran-aligned actors ramping up internal spearphishing, and North Korea-aligned hackers expanding cryptocurrency attacks into new regions like Uzbekistan.
Preparing for Threats to Come: Cybersecurity Forecast 2026
Google Cloud’s Cybersecurity Forecast 2026 predicts that threat actors will fully embrace AI-driven attacks, using techniques like prompt injection and AI-enabled social engineering, while defenders counter with AI agents and advanced identity management.
Ransomware & Malware Deployment
Uncovering Qilin Attack Methods Exposed Through Multiple Cases
The Qilin ransomware group (formerly Agenda) has emerged as one of the most prolific ransomware threats, using a double-extortion model that combines file encryption with public data leaks.
Social Engineering Exploits
Jingle Thief: Inside a Cloud Based Gift Card Fraud Campaign
The Jingle Thief campaign is a cloud-based gift card fraud operation exploiting Microsoft 365 environments using phishing and smishing, run by financially motivated threat actors based in Morocco.
The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
The Smishing Deluge campaign, attributed to the Smishing Triad, is a large-scale, decentralized smishing operation using fraudulent SMS messages about toll violations and package misdelivery to steal sensitive data.
Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack
The Quantum Route Redirect phishing kit is an advanced automation platform that streamlines global phishing campaigns targeting Microsoft 365 users, turning complex setups into simple one-click launches.
Black Friday Scams – How to Detect the Red Flags and Protect Your Wallet and Data
Cybercriminals are exploiting Black Friday shopping trends with scams that use fake retail websites, phishing emails, and malicious ads to steal payment information and personal data.
AI-Driven Threats
First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
LayerX discovered the first vulnerability in OpenAI’s ChatGPT Atlas browser, which allows attackers to inject malicious instructions into ChatGPT’s memory via a Cross-Site Request Forgery (CSRF) exploit.
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
Google Threat Intelligence reports that threat actors have moved beyond using AI for productivity and are now deploying AI-enabled malware that dynamically generates malicious scripts and evades detection.
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms.
Recommended Actions
Mitigations
- Apply all Microsoft November Patch Tuesday updates, prioritizing critical and zero-day CVEs (e.g., CVE-2025-62215).
- Upgrade or enroll in Extended Security Updates (ESU) for Windows 10 devices to maintain compliance and reduce exposure.
- Patch third-party applications promptly, especially Adobe, Cisco, and SAP products with critical vulnerabilities.
- Harden email and collaboration platforms (Microsoft 365, Teams) against phishing and impersonation attacks by enabling safe links, anti-spoofing policies, and conditional access.
Monitoring
- Monitor for signs of exploitation of zero-day vulnerabilities and critical CVEs in Microsoft and third-party products.
- Track anomalous login activity, especially from new geolocations or impossible travel scenarios, to detect APT and social engineering campaigns.
- Watch for large-scale smishing/phishing attempts and suspicious redirects (Quantum Route Redirect indicators).
- Enable cloud app security monitoring for Microsoft 365 and Google Workspace to detect unauthorized gift card issuance or mailbox rule changes.
About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering
Why Patching Matters
Unpatched software is a leading cause of breaches—nearly 1 in 3 attacks exploit known vulnerabilities.
Vigilant Managed Cyber Hygiene
Fortress SRM’s Vigilant Managed Cyber Hygiene simplifies patch management.
- Automated updates with 97%+ success rate for Microsoft & 100+ third-party applications
- Critical patches, OS upgrades, and configuration updates for all devices, on/off network
- 24/7/365 U.S.-based monitoring and real-time reporting for full visibility
