• I’m currently in Cork, Ireland as we prepare for Pwn2Own Ireland, but that doesn’t stop patch Tuesday from coming. • Take a break from your scheduled activities and let’s take a look at the latest security offerings from Adobe and Microsoft. • If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for October 2025 For October, Adobe released 12 bulletins addressing 36 unique CVEs in Adobe Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, Substance 3D Viewer, Substance 3D Modeler, FrameMaker, Illustrator, Dimension, and Substance 3D Stager. • Likely the most important of these is the update for Substance 3D Stager, which addresses five Critical-rated code execution bugs. • The fix for Dimension corrects four code execution bugs. • The patch for Illustrator contains only two bugs, but both lead to code execution.
Article Summaries:
- The October 2025 Security Update Review
Adobe released 12 security bulletins covering 36 CVEs across its product line, with the most critical fixes in Substance 3D Stager (five code‑execution bugs), Dimension (four), and Illustrator (two). Other notable patches address Commerce (five CVEs, including two bypasses) and FrameMaker (two critical code‑execution bugs). All Adobe updates were given deployment priority 3 and none were actively exploited at release.
Microsoft’s October patch set was the largest ever, adding 177 new CVEs (195 total with third‑party updates). Sixteen were rated critical, one moderate, and the rest important. The release included 16 critical Windows and component fixes, a Trend ZDI‑reported CVE, and three bugs under active attack. The volume is attributed partly to the end‑of‑support push for Windows 10, signaling that large monthly patches are becoming the norm.
Sources: