Patch Tuesday – November 2025


Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet.

Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely to see exploitation. Five browser vulnerabilities and a dozen or so fixes for Azure Linux (aka Mariner) have already been published separately this month, and are not included in the total.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft releases urgent SharePoint security flaw patches

    July 21, 2025

    Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers. The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets. Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint ...

  • Google Releases Security Update for Chrome

    July 18, 2025

    Google has released version 138.0.7204.157/.158 for Chrome for Windows and Mac and 138.0.7204.157 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address three high severity vulnerabilities, including CVE-2025-6558, which has an exploit in the wild. CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU vulnerability – CVSSv3 score: 8.8 Read ...

  • Google Releases Security Updates for Chrome

    July 1, 2025

    Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page. Google is aware that an exploit for CVE-2025-6554 exists in ...

  • Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

    June 25, 2025

    Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 ...

  • BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access

    June 19, 2025

    BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a ...

  • CVE-2025-4365/CVE Unassigned: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

    June 18, 2025

    During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability (CVE-2025-4365) was identified in NetScaler Console version 14.1.8.50 and found to affect versions of NetScaler Console and ...