Critical Security Vulnerabilities Alert: October 2025 Mandatory Patch List
Organizations worldwide are facing heightened cybersecurity risks this month as security researchers have identified eight critical vulnerabilities requiring immediate attention.
These vulnerabilities, ranging from remote code execution flaws to unauthorized access issues, affect widely-used enterprise software and infrastructure components.
Overview of Critical Threats
The October 2025 mandatory security vulnerability list includes high-severity flaws affecting popular systems including Redis, Oracle E-Business Suite, Apache Tomcat, Windows Server Update Services, and several other enterprise platforms.
Security experts emphasize that several of these vulnerabilities are already being actively exploited in the wild, making immediate patching crucial for organizational security.
1. Redis Remote Code Execution Vulnerability (CVE-2025-49844)
Severity: Critical (CVSS 9.9)
Tencent Cloud Security has detected a severe vulnerability in Redis, the widely-used open-source in-memory data structure store. The flaw exists in Redis’s Lua script execution environment, where a use-after-free vulnerability allows authenticated attackers to manipulate the garbage collector through specially crafted Lua scripts, potentially achieving remote code execution.
Affected Versions:
- Redis versions prior to 6.2.20
- Redis 7.0.0 through 7.2.10
- Redis 7.4.0 through 7.4.5
- Redis 8.0.0 through 8.0.3
- Redis 8.2.0 through 8.2.1
Mitigation: Upgrade to the latest patched versions immediately. As a temporary measure, restrict EVAL and EVALSHA command execution through Access Control Lists (ACL) and limit Redis instance access to trusted users only.
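The ACL workaround above, shown as a weak rule beside its hardened form. This is a constructed users.acl fragment added here as an illustration; it is not from the Redis project or the advisory, and the user name and password are placeholders. The `&*` channel permission assumes Redis 6.2 or later.

```conf
# Constructed users.acl fragment (added example, not from the advisory).
# Load with "aclfile /etc/redis/users.acl" in redis.conf, then run ACL LOAD.

# Before: the application user may run every command, including Lua scripting.
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all

# After (narrow): same user with the two commands named in the advisory removed.
# Rules apply left to right, so the -eval -evalsha overrides +@all.
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -eval -evalsha

# After (broader): deny the whole scripting category, which also covers the
# other script and function entry points. Prefer this unless a workload needs them.
user app-noscript on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -@scripting

# The default user is enabled with full access unless configured otherwise;
# disabling it keeps legacy or unauthenticated clients from bypassing the rules above.
user default off
```

After loading, `ACL GETUSER app` shows the effective command set, and `ACL LOG` records clients that attempt a denied command, which is a useful signal while the workaround is in place.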
2. Oracle E-Business Suite Remote Code Execution (CVE-2025-61882)
Severity: Critical (CVSS 9.8) – Actively Exploited
A critical authentication bypass vulnerability has been discovered in Oracle E-Business Suite’s Concurrent Processing component, specifically within the BI Publisher integration. Attackers can exploit this flaw through specially crafted HTTP requests to bypass security mechanisms and gain complete control over Oracle Concurrent Processing, ultimately executing arbitrary code remotely.
Affected Versions: Oracle E-Business Suite 12.2.3 through 12.2.14
Status: Active exploitation has been confirmed in the wild, making this vulnerability particularly urgent.
3. Oracle E-Business Suite Unauthorized Access (CVE-2025-61884)
Severity: High (CVSS 7.5) – Actively Exploited
The Oracle Configurator component within E-Business Suite contains an unauthorized access vulnerability that allows unauthenticated remote attackers to access restricted pages and sensitive data via HTTP protocol. This flaw enables complete access to all Oracle Configurator-accessible data without authentication.
Affected Versions: Oracle E-Business Suite 12.2.3 through 12.2.14
4. FlowiseAI Arbitrary File Write and Remote Command Execution (CVE-2025-61913)
Severity: Critical (CVSS 9.9)
Flowise, a popular drag-and-drop UI tool for building custom large language model workflows, contains a path traversal vulnerability in its WriteFileTool and ReadFileTool components. Authenticated attackers can exploit unrestricted file path access to read sensitive files and write malicious content, potentially achieving remote command execution.
Affected Versions: Flowise versions prior to 3.0.8
5. Windows Server Update Service Remote Code Execution (CVE-2025-59287)
Severity: Critical (CVSS 9.8) – Actively Exploited
Microsoft’s Windows Server Update Services (WSUS) contains a critical vulnerability in its deserialization of untrusted data. Attackers can exploit this flaw using specially crafted serialized data to execute arbitrary code remotely and gain complete system control.
Affected Versions:
- Windows Server 2012 through 2025
- Multiple build versions across all supported Windows Server editions
Status: Active exploitation confirmed, requiring immediate patching.
6. Apache Tomcat Remote Code Execution (CVE-2025-55752)
Severity: High (CVSS 7.5)
A regression defect introduced during the fix for bug 60013 has created a security bypass vulnerability in Apache Tomcat. The flaw involves URL canonicalization occurring before decoding, preventing proper identification of directory traversal sequences. Attackers can manipulate request URIs to bypass security constraints protecting /WEB-INF/ and /META-INF/ directories. When combined with enabled PUT requests, this vulnerability enables remote code execution.
Affected Versions:
- Apache Tomcat 8.5.6 through 8.5.100 (EOL)
- Apache Tomcat 9.0.0.M11 through 9.0.108
- Apache Tomcat 10.1.0-M1 through 10.1.44
- Apache Tomcat 11.0.0-M1 through 11.0.10
7. Cherry Studio Command Injection (CVE-2025-61929)
Severity: Critical (CVSS 9.8)
Cherry Studio, a desktop client for accessing multiple large language model providers, contains a command injection vulnerability in its custom URL protocol handler (cherrystudio://). The application fails to validate MCP installation requests, allowing remote attackers to execute arbitrary commands when victims click malicious links containing Base64-encoded commands.
Affected Versions: Cherry Studio prior to version 1.6.6
8. JumpServer Permission Management Error (CVE-2025-62712)
Severity: Critical (CVSS 9.6)
The open-source bastion host system JumpServer contains an access control flaw in its API endpoint /api/v1/authentication/super-connection-token/. This vulnerability returns connection tokens created by all users rather than just the requester’s tokens, enabling attackers to access managed assets belonging to other users and achieve privilege escalation.
Affected Versions:
- JumpServer prior to 3.10.20-lts
- JumpServer 4.0.0 through 4.10.10-lts
Immediate Action Required
Organizations using any of the affected software should take the following steps immediately:
- Assess Impact: Identify all instances of vulnerable software within your environment
- Backup Data: Perform complete backups before applying patches
- Apply Patches: Upgrade to vendor-recommended secure versions as soon as possible
- Implement Temporary Mitigations: Where immediate patching isn’t possible, apply recommended workarounds
- Monitor for Indicators of Compromise: Review logs for suspicious activity, especially for vulnerabilities with confirmed active exploitation
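The "Assess Impact" step needs the affected-version ranges from each entry turned into something that can be checked against an inventory. The following Python script is an added example, not code from the article or from any of the vendors named; it encodes the ranges exactly as listed above (WSUS is omitted because it is identified by Windows Server release and build rather than a product version), and the hostnames and versions it runs over are constructed sample data.

```python
"""Inventory triage against the affected-version ranges in this advisory.

Added illustration, not code from the article. The version ranges are copied
from the article's "Affected Versions" entries; hostnames and versions in the
sample inventory are constructed. WSUS is identified by Windows Server release
and build, which this simple version parser does not model, so it is left out.
"""
import re

# CVE identifiers as given in the article, keyed by a short product label.
CVE = {
    "redis": ["CVE-2025-49844"],
    "oracle-ebs": ["CVE-2025-61882", "CVE-2025-61884"],
    "flowise": ["CVE-2025-61913"],
    "tomcat": ["CVE-2025-55752"],
    "cherry-studio": ["CVE-2025-61929"],
    "jumpserver": ["CVE-2025-62712"],
}

# Each range is (low, high, high_inclusive); low=None means "prior to high".
AFFECTED = {
    "redis": [
        (None, "6.2.20", False),
        ("7.0.0", "7.2.10", True),
        ("7.4.0", "7.4.5", True),
        ("8.0.0", "8.0.3", True),
        ("8.2.0", "8.2.1", True),
    ],
    "oracle-ebs": [("12.2.3", "12.2.14", True)],
    "flowise": [(None, "3.0.8", False)],
    "tomcat": [
        ("8.5.6", "8.5.100", True),
        ("9.0.0.M11", "9.0.108", True),
        ("10.1.0-M1", "10.1.44", True),
        ("11.0.0-M1", "11.0.10", True),
    ],
    "cherry-studio": [(None, "1.6.6", False)],
    "jumpserver": [
        (None, "3.10.20-lts", False),
        ("4.0.0", "4.10.10-lts", True),
    ],
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:[.-]m(\d+))?")


def parse_version(text):
    """Turn '9.0.0.M11', '10.1.0-M1', '3.10.20-lts' or '6.2.19' into a sortable tuple.

    Milestone builds (M-suffixed) sort before the final release with the same
    numbers; the '-lts' suffix carries no ordering and is dropped. Numbers are
    padded to four components so 8.5.6 and 9.0.0.M11 compare consistently.
    """
    text = text.strip().lower()
    if text.endswith("-lts"):
        text = text[:-4]
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))
    release = (0, int(m.group(2))) if m.group(2) else (1, 0)
    return nums + release


def is_affected(product, version):
    """True if `version` of `product` falls inside any range in AFFECTED."""
    pv = parse_version(version)
    for low, high, inclusive in AFFECTED[product]:
        if low is not None and pv < parse_version(low):
            continue
        hv = parse_version(high)
        if pv < hv or (inclusive and pv == hv):
            return True
    return False


def assess(inventory):
    """Map (host, product, version) rows to findings: (host, product, version, cves)."""
    return [
        (host, product, version, CVE[product])
        for host, product, version in inventory
        if is_affected(product, version)
    ]


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("cache-01", "redis", "7.2.10"),              # last affected 7.2.x
    ("cache-02", "redis", "7.2.11"),              # fixed
    ("cache-03", "redis", "6.2.19"),              # prior to 6.2.20
    ("web-01", "tomcat", "9.0.0.M11"),            # first affected 9.0 milestone
    ("web-02", "tomcat", "10.1.45"),              # fixed
    ("web-03", "tomcat", "11.0.0-M1"),            # milestone inside the 11.0 range
    ("llm-01", "flowise", "3.0.7"),               # prior to 3.0.8
    ("bastion-01", "jumpserver", "4.10.10-lts"),  # last affected 4.x
    ("bastion-02", "jumpserver", "3.10.20-lts"),  # fixed
    ("erp-01", "oracle-ebs", "12.2.14"),          # last affected 12.2.x
]

if __name__ == "__main__":
    for host, product, version, cves in assess(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} affected by {', '.join(cves)}")
```

A "prior to" range is open at the bottom, so a version older than anything the article mentions (for instance Redis 5.x) is reported as affected; that matches the wording above but is worth confirming against the vendor advisory before acting on it. The parser deliberately orders Tomcat milestone builds before the matching final release, since 9.0.0.M11 and 11.0.0-M1 are the lower bounds of two of the listed ranges.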
Conclusion
The October 2025 vulnerability landscape presents significant risks to enterprise security infrastructure. With multiple critical vulnerabilities already under active exploitation, security teams must prioritize patching efforts and implement defense-in-depth strategies. Organizations should establish regular vulnerability management processes and maintain current patch levels across all enterprise systems to minimize exposure to such threats.
For the latest security updates and detailed remediation guidance, consult your software vendors’ official security advisories and consider engaging cybersecurity professionals for comprehensive security assessments.
This article is based on publicly available security advisories and is provided for reference only. Organizations should assess these risks themselves, verify the applicability of these vulnerabilities to their specific environments, and follow their vendors’ official guidance for remediation.
