October 2025 Patch Tuesday: Microsoft Addresses Six Zero-Days and Ends Windows 10 Support

Microsoft’s October 2025 Patch Tuesday fixes 172 vulnerabilities, including six zero-days: three that were publicly disclosed before a fix was available and three confirmed as exploited in the wild. Eight flaws are rated Critical: five remote code execution vulnerabilities and three elevation of privilege vulnerabilities.


Breakdown of Vulnerabilities

  • 80 Elevation of Privilege vulnerabilities
  • 31 Remote Code Execution vulnerabilities
  • 28 Information Disclosure vulnerabilities
  • 11 Security Feature Bypass vulnerabilities
  • 11 Denial of Service vulnerabilities
  • 10 Spoofing vulnerabilities

These totals do not include vulnerabilities in Azure, Mariner, Microsoft Edge, and other components that were fixed earlier in the month. This month also marks the end of free support for Windows 10: it receives no further security fixes unless enrolled in Microsoft’s Extended Security Updates (ESU) program, which covers one year for consumers and up to three years for enterprise customers.


Zero-Day Vulnerabilities

CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerability

Microsoft addressed this flaw, which was exploited in the wild, by removing the legacy Agere Modem driver (ltmdm64.sys) from Windows rather than patching it. The driver allowed a local attacker to gain administrative privileges. Because the driver is removed, fax modem hardware that depends on it stops working after the update. Discovered by Fabian Mosch and Jordan Jay.

CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

This improper access control flaw in the Remote Access Connection Manager (RasMan) service allows an authorized local attacker to gain SYSTEM privileges. It was identified by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), which confirmed in-the-wild exploitation while noting that exploitation requires moderate effort and preparation.

CVE-2025-47827 | IGEL OS Secure Boot Bypass Vulnerability

A Secure Boot bypass in IGEL OS allows an attacker to mount a crafted, unverified SquashFS root filesystem because the igel-flash-driver module does not properly verify its cryptographic signature. The flaw matters beyond IGEL deployments: the signed IGEL boot components are trusted under the Microsoft third-party UEFI CA present on most Secure Boot systems, so a crafted IGEL image can be used against machines that have never run IGEL OS. The flaw was discovered by Zack Didcott and publicly disclosed on GitHub; Microsoft lists it as exploited.

CVE-2025-0033 | AMD RMP Corruption During SNP Initialization

A vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) could allow a compromised hypervisor to manipulate Reverse Map Table (RMP) entries during SNP initialization. Since the RMP is what enforces which guest owns each physical page, corrupting it undermines the memory integrity guarantees SEV-SNP gives confidential VMs. Microsoft notes that the issue affects Azure Confidential Computing and is being mitigated through isolation and integrity controls while AMD’s fix is rolled out. Publicly disclosed; discovered by Benedict Schlueter, Supraja Sridhara, and Shweta Shinde of ETH Zurich.

CVE-2025-24052 | Windows Agere Modem Driver Elevation of Privilege Vulnerability

A second, publicly disclosed privilege escalation issue in the same Agere Modem driver affects all supported Windows versions. The driver is loaded by Windows even when no modem is present, so every installation is exposed, not only hosts with fax modem hardware. The same driver removal resolves both CVEs.

CVE-2025-2884 | TCG TPM 2.0 Out-of-Bounds Read Vulnerability

An out-of-bounds read in the CryptHmacSign function of the TCG TPM 2.0 reference implementation could lead to denial of service or information disclosure. Because vendor TPM firmware is derived from the reference code, physical TPMs need a firmware update from the TPM vendor or OEM; Windows Update alone does not change TPM firmware. Discovered by the Trusted Computing Group (TCG) and an anonymous researcher, with public disclosure coordinated through CERT/CC.


Other Critical Vulnerabilities

Beyond the zero-days, Microsoft patched additional remote code execution flaws across Office, SharePoint, and Windows components, along with high-severity information disclosure issues affecting enterprise environments.


Adobe and Other Vendor Updates

Other major vendors released security updates in October 2025:

  • Adobe: Issued patches for multiple products.
  • Cisco: Released updates for Cisco IOS, Unified Communications Manager, and Cyber Vision Center.
  • DrayTek: Patched a pre-authentication RCE flaw in Vigor routers.
  • Gladinet: Warned of an actively exploited CentreStack zero-day used in server breaches.
  • Ivanti: Updated Endpoint Manager Mobile (EPMM) and Neurons for MDM.
  • Oracle: Released emergency patches for two actively exploited E-Business Suite zero-days.
  • Redis: Fixed a maximum severity RCE vulnerability.
  • SAP: Issued updates for multiple products, including a maximum severity command execution flaw in NetWeaver.
  • Synacor: Patched a Zimbra zero-day exploited for data theft.

Recommendations for Users and Administrators

Given the number of actively exploited and publicly disclosed flaws, organizations should prioritize the October cumulative updates, with particular attention to the local privilege escalation, Secure Boot, and TPM issues. Hosts with legacy hardware that depends on the Agere modem driver should be tested after the update: the driver is removed rather than patched, so any fax modem relying on it will stop working and should be replaced or retired.

Enterprises using Azure Confidential Computing should track Microsoft’s SEV-SNP mitigation progress through Azure Service Health alerts. Administrators should also apply the third-party updates listed above, including those from Cisco, SAP, Redis, Oracle, and Gladinet, to close exploitation paths in integrated environments.
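The PowerShell below is an added example for verifying the items above on a Windows host; it is not code from the original post or from Microsoft. It checks that the Agere driver removal actually took effect (file, service registration, and loaded instance all gone), reports the Secure Boot and TPM state relevant to the IGEL and TPM advisories, and cross-checks the OS build number against the KB identifiers you pass in. Assumptions: the Agere driver registers its kernel service under the name ltmdm64 (the same name as the .sys file), and the KB identifiers are looked up by you from the Microsoft Update Catalog for the host’s build, since the script hard-codes none.

```powershell
# Added example (not from the original post or from Microsoft).
# Run in an elevated Windows PowerShell 5.1+ session after installing the October 2025 update.
# Assumption: the Agere modem driver's kernel service is named 'ltmdm64'.

function Test-AgereDriverRemoved {
    # The update removes ltmdm64.sys instead of fixing it, so "remediated" means the file,
    # its service registration, and any running instance are all gone.
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
    $serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\ltmdm64'   # assumed service name

    # Win32_SystemDriver lists kernel drivers whether or not a modem is attached, which
    # matches the point that the driver loads without any active modem use.
    $loaded = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='ltmdm64'" `
                              -ErrorAction SilentlyContinue

    $fileOnDisk   = Test-Path -LiteralPath $driverPath
    $serviceEntry = Test-Path -LiteralPath $serviceKey
    $driverLoaded = [bool]($loaded -and $loaded.State -eq 'Running')

    [pscustomobject]@{
        FileOnDisk   = $fileOnDisk
        ServiceEntry = $serviceEntry
        DriverLoaded = $driverLoaded
        Remediated   = -not ($fileOnDisk -or $serviceEntry -or $driverLoaded)
    }
}

function Get-PlatformTrustState {
    # Secure Boot and TPM posture for the IGEL (CVE-2025-47827) and TPM (CVE-2025-2884) items.
    # Confirm-SecureBootUEFI throws on legacy-BIOS systems; treat that as "not enforced".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }

    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $manufacturer = $null
    $firmware     = $null
    if ($tpm) {
        # Manufacturer and firmware version are what the OEM or TPM vendor will ask for
        # when you request a CVE-2025-2884 firmware fix; Windows Update does not change TPM firmware.
        $manufacturer = $tpm.ManufacturerIdTxt
        $firmware     = $tpm.ManufacturerVersion
    }

    [pscustomobject]@{
        SecureBootEnabled = $secureBoot
        TpmPresent        = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady          = [bool]($tpm -and $tpm.TpmReady)
        TpmManufacturer   = $manufacturer
        TpmFirmware       = $firmware
    }
}

function Get-OsBuildString {
    # CurrentBuild.UBR is the build number quoted in Microsoft's KB articles for each
    # cumulative update; it is a more reliable cross-check than Get-HotFix, which relies on
    # Win32_QuickFixEngineering and can miss updates installed through some management channels.
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
}

function Test-ExpectedUpdates {
    param([Parameter(Mandatory)][string[]]$ExpectedKB)   # KB ids for this build, looked up by you
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $ExpectedKB) {
        [pscustomobject]@{ KB = $kb; Installed = ($installed -contains $kb) }
    }
}

# --- Usage ------------------------------------------------------------------------
$agere = Test-AgereDriverRemoved
$trust = Get-PlatformTrustState
$agere, $trust | Format-List
"OS build: $(Get-OsBuildString)"

if (-not $agere.Remediated) {
    Write-Warning 'ltmdm64.sys is still present, registered, or loaded: CVE-2025-24990/CVE-2025-24052 not remediated.'
}
if (-not $trust.SecureBootEnabled) {
    Write-Warning 'Secure Boot is not enforced on this host; boot-chain integrity is not being checked at all.'
}
# Supply the KB(s) for this build from the Microsoft Update Catalog, then:
# Test-ExpectedUpdates -ExpectedKB 'KB<cumulative update for this build>' | Format-Table
```

Run it across a fleet through your existing remote execution channel and collect the objects rather than the formatted text; a host where Remediated is false after the update window is either still pending a reboot or did not receive the cumulative update, and the build string tells you which.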


How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally. 

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.