Patch Monday November 2025 - One Zero Day from Google for Chrome

Unsubscribe

Welcome to my November 2025 Patch Monday newsletter! In the past month we've had one zero day from Google to look at. The most recent release for Chrome on November 17 patched CVE-2025-13223 which exists in the wild. This type confusion is rated high by Google. In addition to this there were 32 other updates over four releases in the last 30 days for a total of 33 updates. 13 of these, including our zero day, are rated high. So, you will want to get Chrome updated and restarted as soon as possible.

For our other third-party vendors it was a pretty standard month. I will say, though, that Zoom released more than the usual updates this month. Normally they have just a few but this month they had nine updates all on November 11.

Apple also had some large update for most of its support applications. You can see these in the chart below.

If there are any additional products you would like to see in the chart below, please let me know.

Be sure to browse the chart below and happy patching!

Follow randyfsmith on X

Subscribe to Randy Franklin Smith on Facebook

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:

Identifier

Vendor/
Product

Affected Versions

Date Released
by Vendor

Vulnerability Info

Vender Severity / Our Recommendation

Multiple CVE's

Adobe Format Plugins

1.1.1 and earlier

11/11/2025

 Arbitrary Code Execution,
Memory Exposure

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Illustrator

2024 28.7.10 and earlier

2025 29.8.2 and earlier

11/11/2025

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Illustrator on iPad

3.0.9 and earlier

11/11/2025

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe InCopy

20.5 and earlier

19.5.5 and earlier

11/11/2025

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVEs

Adobe InDesign

ID20.5 and earlier

19.5.5 and earlier

11/11/2025

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

CVE-2025-61830

Adobe Pass

3.7.3 and earlier

11/11/2025

 Security Feature Bypass

Critical Priority 3: Update at admins discretion

CVE-2025-61819

Adobe Photoshop

26.8.1 and earlier

11/11/2025

 Arbitrary Code Execution

Important Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Stager

2020 Release Update 9 and earlier

2022 Release Update 7 and earlier

11/11/2025

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Apple iPadOS

Before 26.1

11/3/2025

 Biometric Hack,
Data Leak,
Keylogging,
Out of Bounds,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Unauthorized Access,
Unexpected System Termination,
Use After Free,
User Tracking

Update after testing

Multiple CVE's

Apple macOS Sequoia

Before 15.7.2

11/3/2025

 Data Leak,
Denial of Service,
Privilege Escalation,
Out of Bounds,
Sandbox Escape,
Security Feature Bypass,
Unexpected System Termination,
Use After Free

Update after testing

Multiple CVE's

Apple macOS
Sonoma

Before 14.8.2

11/3/2025

 Data Leak,
Denial of Service,
Privilege Escalation,
Out of Bounds,
Sandbox Escape,
Security Feature Bypass,
Unexpected System Termination,
Use After Free

Update after testing

Multiple CVE's

Apple macOS Tahoe

Before 26.1

11/3/2025

 Biometric Hack,
Data Leak,
Denial of Service,
Privilege Escalation,
Out of Bounds,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Unexpected System Termination,
Use After Free

Update after testing

Multiple CVE's

Apple Safari

Before 26.1

11/3/2025

 Biometric Hack,
Data Leak,
Denial of Service,
Privilege Escalation,
Security Feature Bypass,
Spoofing,
Unexpected System Termination,
Use After Free

Update after testing

Multiple CVE's

Apple watchOS

Before 26.1

11/3/2025

 Biometric Hack,
Data Leak,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Unexpected System Termination,
Use After Free

Update after testing

Multiple CVE's

Apple Xcode

Before 26.1

11/3/2025

 Denial of Service,
Out of Bounds Write

Update after testing

Multiple CVE's

Apple visionOS

Before 26.1

11/3/2025

 Biometric Hack,
Data Leak,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Unexpected System Termination

Update after testing

CVE-2025-43515

Apple Compressor

Before 4.11.1

11/13/2025

 Arbitrary Code Execution

Update after testing

Multiple CVE's

Google
Chrome

Before 142.0.7444.175/.176 (Windows)

Before 142.0.7444.176 (Mac)

Before 142.0.7444.175 (Linux)

11/17/2025

 Inappropriate Implementation,
Incorrect Security UI,
Out of Bounds Write/Read,
Policy Bypass,
Race Condition,
Type Confusion,
Use After Free		 Zero Day - Update after testing

Multiple CVE's

Mozilla Thunderbird

Before 145

11/13/2025

 Arbitrary Code Execution,
Incorrect Boundary Conditions,
Policy Bypass,
Race Condition,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Use After Free

Update after testing

Multiple CVE's

Mozilla Firefox

Before 145

11/11/2025

 Arbitrary Code Execution,
Incorrect Boundary Conditions,
Policy Bypass,
Race Condition,
Sandbox Escape,
Security Feature Bypass,
Spoofing,
Use After Free

Update after testing

Multiple CVE's

Mozilla Firefox ESR

Before 140.5

11/11/2025

 Incorrect Boundary Conditions,
Race Condition,
Spoofing,
Use After Free

Update after testing

CVE-2025-64738

Zoom Workplace for macOS

Before 6.5.10

Meeting SDK before 6.5.10

11/11/2025

 Disclosure of Information

Medium - Update after testing

CVE-2025-64740

Zoom Clients for Windows

Workplace VDI before 6.3.14, 6.4.12 and 6.5.10

11/11/2025

 Escalation of Privilege

High - Update after testing

CVE-2025-64741

Zoom Workplace for Android

Before 6.5.10

Meeting SDK before 6.5.10

11/11/2025

 Escalation of Privilege

High - Update after testing

CVE-2025-30669

Zoom Workplace Clients

Windows, Linux, including Meeting SDK before 6.5.10

VDI Client for Windows before 6.3.14, 6.4.12 and 6.5.10

11/11/2025

 Disclosure of Information

Medium - Update after testing

CVE-2025-62482

Zoom Workplace for Windows

Before 6.5.10

Meeting SDK before 6.5.10

11/11/2025

 Cross Site Scripting

Medium - Update after testing

CVE-2025-62484

Zoom Workplace Clients

iOS and Android including Meeting SDK before 6.5.10

11/11/2025

 Escalation of Privilege

High - Update after testing

CVE-2025-30662

Zoom Workplace VDI Plugin

macOS Universal Installer before 6.3.14, 6.4.12 and 6.5.10

11/11/2025

 Disclosure of Information

Medium - Update after testing

CVE-2025-64739

Zoom Clients

Workplace for Windows, macOS and Linux including Meeting SDK before 6.5.10

Workplace VDI Client for Windows before 6.3.14, 6.4.12 and 6.5.10

11/11/2025

 Disclosure of Information

Medium - Update after testing

CVE-2025-62483

Zoom Clients

 Workplace for Windows, macOS and Linux including Meeting SDK before 6.5.10

Workplace VDI Client for Windows before 6.3.14, 6.4.12 and 6.5.10

Rooms for Windows, macOS and iOS before 6.6.0

11/11/2025

 Disclosure of Information

Medium - Update after testing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Follow randyfsmith on Twitter Subscribe to Randy Franklin Smith on Facebook

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.