• I’ve made it through Pwn2Own Ireland, and while many are celebrated those who served their country in the armed services, patch Tuesday stops for no one. • So affix your poppy accordingly, and let’s take a look at the latest security offerings from Adobe and Microsoft. • If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for November 2025 For November, Adobe released eight bulletins addressing 29 unique CVEs in Adobe InDesign, InCopy, Photoshop, Illustrator, Illustrator Mobile, Substance 3D Stager, Format Plugins, and Adobe Pass. • Nine of these CVEs were reported by Trend ZDI researcher Michel DePlante. • He discovered the bugs fixed by the patch for Adobe Format Plugins. • If you must prioritize, the update for InDesign fixes four Critical-rated bugs.
Article Summaries:
- November 2025 Security Update Review
Adobe issued eight security bulletins covering 29 CVEs across its creative suite, with the most critical fixes in InDesign, Illustrator (iPad), Photoshop, and Substance 3D Stager. All vulnerabilities were rated Critical or Important, but none were publicly known or actively exploited at release. Microsoft’s November patch cycle addressed 63 Windows‑related CVEs (four Critical, 59 Important) plus 5 Chromium updates, totaling 68 fixes-down sharply from 177 the previous month. The only CVE under active attack was CVE‑2025‑62215, a Windows Kernel elevation‑of‑privilege flaw. Overall, Microsoft has patched 1,084 CVEs this year, with no publicly disclosed exploits reported.
Sources: