August Patch Tuesday

Hosted by Chris Goettl and Todd Schell
Patch Tuesday Webinar
Wednesday, August 13, 2025

Copyright © 2025 Ivanti. All rights reserved. 2
Agenda
▪ August 2025 Patch Tuesday Overview
▪ In the News
▪ Bulletins and Releases
▪ Between Patch Tuesdays
▪ Q & A

Microsoft and Adobe have released updates resolving
107 and 67 CVEs, respectively. Risk-based priorities
this month are the Windows OS, Office, SharePoint and
Adobe Experience Manager Forms to resolve publicly
disclosed and critical vulnerabilities. Server and ops
teams will also want to take a look at the two Azure
CVEs and updates for Exchange and SQL Server.
For more details check out this month's Patch Tuesday
blog.
August Patch Tuesday 2025

In the News

In the News
▪ Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities
▪ Disrupting active exploitation of on-premises SharePoint vulnerabilities
▪ Exchange Server Security Changes for Hybrid Deployments
▪ 32% of exploited vulnerabilities are now zero-days or 1-days
▪ Citrix NetScaler flaws lead to critical infrastructure breaches
▪ Citrix vulnerability (Update 13-08-2025)
▪ WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

▪ CVE-2025-53779 Windows Kerberos Elevation of Privilege Vulnerability
▪ CVSS 3.1 Scores: 7.2 / 6.7
▪ Severity: Moderate
▪ Impact: Elevation of Privilege
▪ Affected Systems: Windows Server 2025
▪ Per Microsoft: To successfully exploit this vulnerability, an attacker would need to have elevated access to certain
attributes of the dMSA, specifically:
• msds-groupMSAMembership: This attribute allows the user to utilize the dMSA.
• msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them
to specify a user that the dMSA can act on behalf of.
An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
Publicly Disclosed Vulnerabilities

Ivanti Avalanche
Ivanti Ivanti Virtual Application Delivery
Controller (vADC previously vTM)
Security Advisory: Ivanti
Avalanche
Ivanti Connect Secure, Policy Secure
& ZTA Gateways
Ivanti August Security Updates
Special thanks to the security researchers, ethical hackers, and the broader security community for partnering
with us to improve the security of our products.
Security Advisory: Ivanti
vADC
Vulnerabilities:
• CVE-2025-8310 CVSS: 6.3
Affected Versions:
• 22.8R2 and prior
Security Advisory: Ivanti ICS
IPS, ZTA Gateways
Vulnerabilities:
• CVE-2025-5456 CVSS: 7.5
• CVE-2025-5462 CVSS: 7.5
• CVE-2025-5466 CVSS: 4.9
• CVE-2025-5468 CVSS: 5.5
Affected Versions:
• ICS: 22.7R2.7 and prior
• IPS: 22.7R1.4 and prior
• ZTA Gateway: 22.8R2.2
• Neurons for Secure Access:
22.8R1.3 and prior
Vulnerabilities:
• CVE-2025-8296 CVSS: 7.2
• CVE-2025-8297 CVSS: 7.2
Affected Versions:
• 6.4.6 and prior

CVE-2025-8454
CVSS 3: 9.8
Impact: Debian-based Linux distributions
• uscan is a widely used tool for managing
upstream source code updates. It automates
the process of checking for new versions of
software packages and downloading them. its
underlying principles and functionality are
relevant to any Linux user interested in keeping
their software up-to-date.
• This vulnerability causes uscan to skip
OpenPGP verification if the upstream source is
already downloaded from a previous run even if
the verification failed back then.
• Affected versions: all prior versions of uscan
and devscripts prior to patch
Mitigation
Users are strongly advised to apply the vendor-
provided patch as soon as possible. This patch
rectifies the vulnerability by ensuring that uscan
does not skip OpenPGP verification for
previously downloaded software sources.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2025-53028
CVSS 3: 8.2
Impact: Oracle VM VirtualBox version 7.1.10 (of
Oracle Virtualization)
▪ This widely used and popular open-source, cross-
platform virtualization software is known for its ability
to run multiple operating systems on a single device
and is particularly favored by developers and IT
professionals, with over 63 million downloads.
▪ The specific flaw exists within the implementation of
the VMSVGA virtual device. The issue results from
the lack of proper validation of user-supplied data,
which can result in a write past the end of an
allocated buffer.
▪ Exploitation can result in the compromise of Oracle
VM VirtualBox, with potential system takeover – the
attacker can execute arbitrary code, modify system
data, or even create new accounts with full user
rights
Mitigation
Oracle has released a patch to address this
vulnerability, and all users of Oracle VM VirtualBox
version 7.1.10 are advised to apply the patch as
soon as possible.

CVE-2025-49521
CVSS 3: 8.8
Impact: Ansible Automation Platform versions ≤ 2.5
(EL8/EL9)
▪ A flaw was found in the Event-Driven Ansible (EDA)
component of the Ansible Automation Platform, a
cornerstone of enterprise IT automation used
globally to manage millions of nodes.
▪ Vulnerability causes user-supplied Git branch or
refspec values to be evaluated as Jinja2 templates.
This vulnerability allows authenticated users to
inject expressions that execute commands or
access sensitive files on the EDA worker.
▪ In OpenShift environments, this vulnerability is
particularly dangerous as it allows attackers to
access and exfiltrate service account tokens,
potentially granting them extensive control over
Kubernetes clusters.
Mitigation
Update Ansible Automation Platform installations to
the latest version immediately to incorporate the
vendor’s security fix.

Microsoft Patch Tuesday Updates of Interest
Advisory 990001 Latest Servicing Stack Updates (SSU)
▪ No reported updates this month
▪ Azure and Development Tool Updates
▪ Azure File Sync v19.0, v20.0, and v21.0
▪ Multiple v5-series Azure VMs
▪ Windows Subsystem for Linux (WSL2)
▪ Web Deploy 4.0
▪ Azure Stack Hub 2406, 2408, and 2501
▪ Microsoft Visual Studio 2022 version 17.14

Windows 10
and 11 Lifecycle
Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
24H2 10/1/2024 10/13/2026
23H2 10/31/2023 11/11/2025
Windows 11 Enterprise and Education
24H2 10/1/2024 10/12/2027
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
Source: Microsoft
https://docs.microsoft.com/en-us/lifecycle/faq/windows

Microsoft Support Ivanti Support
Windows 10 22H2 reaches EOS Oct 2025
Three years of ESU support
• Year 1 October 15, 2025 – October 13, 2026
Licensing and Pricing
• Full-year purchase only
• Price doubles each year
• Cloud-based licensing via Windows 365 and
Intune
• 5 by 5 licensing via manual key download
Windows 10 Extended Security Updates (ESU)
ESU support based on Microsoft releases
Available for three major patch products
• Neurons for Patch Management
• Endpoint Manager
• Security Controls
Familiar model
• Concurrent with Microsoft support years
• Offered as special content
• Requires signed EULA addendum
• Tiered pricing based on required endpoints
• Fixed price throughout life of program

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2025 Datacenter and Standard 11/01/2024 10/09/2029 10/10/2034
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
▪ Focused on server long-term stability
▪ Major version releases every 2-3 years
▪ 5 years mainstream and 5 years extended support
▪ Server core or server with desktop experience available
Source: Microsoft

Patch Content Announcements
Announcements Posted on Community Forum Pages
▪ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
▪ Subscribe to receive email for the desired product(s)
Content Info: Endpoint Security
Content Info: Endpoint Manager
Content Info: macOS Updates
Content Info: Linux Updates
Content Info: Patch for Configuration Manager
Content Info: ISEC and Neurons Patch
Content Info: Neurons Patch for InTune

Bulletins and Releases

Copyright © 2025 Ivanti. All rights reserved.
CHROME-250812: Security Update for Chrome Desktop
▪ Maximum Severity: High
▪ Affected Products: Google Chrome
▪ Description: The Stable channel has been updated to 139.0.7258.127/.128 for
Windows, Mac and 139.0.7258.127 for Linux. See
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-
desktop_12.html for more details.
▪ Impact: Remote Code Execution, Denial of Service
▪ Fixes 5 Vulnerabilities: CVE-2025-8879, CVE-2025-8880, CVE-2025-8901, CVE-
2025-8881, CVE-2025-8882
▪ Restart Required: Requires application restart
1

APSB25-73: Security Update for Adobe Animate
▪ Maximum Severity: Critical
▪ Affected Products: Adobe Animate version 23.0.13 and 24.0.10
▪ Description: Adobe has released an update for Adobe Animate for Windows and macOS. This
update resolves 2 vulnerabilities – 1 rated Critical and 1 rated Important. See
https://helpx.adobe.com/security/products/animate/apsb25-73.html for more details. Adobe is not
aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution, Memory Leak
▪ Fixes 2 Vulnerabilities: CVE-2025-49561, CVE-2025-49562
1

APSB25-74: Security Update for Adobe Illustrator
▪ Affected Products: Adobe Illustrator 28.7.9 and Illustrator 29.7
▪ Description: Adobe has released an update for Adobe Illustrator for Windows and macOS. This
update resolves 4 vulnerabilities – 2 rated Critical and 2 rated Important. See
https://helpx.adobe.com/security/products/illustrator/apsb25-74.html for more details. Adobe is
not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution, Application Denial of Service
▪ Fixes 4 Vulnerabilities: CVE-2025-49563, CVE-2025-49564, CVE-2025-49567, CVE-2025-
49568
1

APSB25-75: Security Update for Adobe Photoshop
▪ Affected Products: Adobe Photoshop versions 25.12.4 and 26.9
▪ Description: Adobe has released an update for Adobe Photoshop for Windows and macOS. This
update addresses 1 vulnerability rated Critical. See
https://helpx.adobe.com/security/products/photoshop/apsb25-75.html for more details. Adobe is
not aware of any exploits in the wild for any of the issues addressed in these updates.
▪ Impact: Arbitrary Code Execution
▪ Fixes 1 Vulnerability: CVE-2025-49570
1

APSB25-79: Security Update for Adobe InCopy
▪ Affected Products: Adobe InCopy 19.5.4 and InCopy 20.5
▪ Description: Adobe has released an update for InCopy for Windows and macOS. This update
resolves 14 vulnerabilities – 11 rated Critical and 3 rated Important. Adobe is not aware of any
exploits in the wild for any of the issues addressed in these updates.
▪ Fixes 14 Vulnerabilities: See https://helpx.adobe.com/security/products/indesign/apsb25-79.html
for more details.
1

APSB25-80: Security Update for Adobe InDesign
▪ Affected Products: Adobe InDesign 19.5.5 and InDesign 20.5
▪ Description: Adobe has released an update for Adobe InDesign for Windows and macOS. This
update addresses eight vulnerabilities rated Critical. See
https://helpx.adobe.com/security/products/incopy/apsb25-80.html for more details. Adobe is not
aware of any exploits in the wild for any of the issues addressed in these updates.
54218, CVE-2025-54219, CVE-2025-54220, CVE-2025-54221, CVE-2025-54223
1

MS25-08-W11: Windows 11 Update
▪ Affected Products: Microsoft Windows 11 Version 22H2, 23H2, 24H2, Server 2025 and Edge
Chromium
▪ Description: This bulletin references KB 5063875 (22H2/23H2) and KB 5063878 (24H2 and
Server 2025). See KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, and
Information Disclosure
▪ Fixes 66 Vulnerabilities: CVE-2025-53779 is publicly disclosed. No CVEs are known exploited.
See the Security Update Guide for the complete list of CVEs.
▪ Restart Required: Requires restart
▪ Known Issues: None reported
1

MS25-08-W10: Windows 10 Update
▪ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 22H2, Server 2016, Server
2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
▪ Description: This bulletin references multiple KB articles. See Windows 10 and associated
server KBs for details of all changes.
▪ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege, and
Information Disclosure
▪ Fixes 62 Vulnerabilities: No CVEs are known exploited or publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
1

▪ Affected Products: Excel 2016, Office 2016, Office LTSC for Mac 2021 & 2024, Office Online
Server, Office for Android, Powerpoint 2016, Teams (all), Word 2016
▪ Description: This security update addresses 16 vulnerabilities in Microsoft Office and supporting
products. This bulletin is based on 5 KB articles plus release notes for the Mac updates and
others.
▪ Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
▪ Fixes 16 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
MS25-08-OFF: Security Updates for Microsoft Office
1

▪ Affected Products: Microsoft 365 Apps, Office 2019, Office LTSC 2021 and Office LTSC 2024
▪ Description: This security update addresses several vulnerabilities in Microsoft Office.
Information on the security updates is available at https://learn.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
▪ Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
▪ Fixes 14 Vulnerabilities: No vulnerabilities are known exploited or publicly disclosed. See the
Security Update Guide for the complete list of CVEs.
MS25-08-O365: Security Updates for Microsoft 365 Apps
1

MS25-08-EXCH: Security Updates for Exchange Server
▪ Affected Products: Microsoft Exchange Server 2016 CU23, Exchange Server 2019 CU14 &
CU15, Exchange Server Subscription Edition
▪ Description: This security update addresses 5 vulnerabilities in Microsoft Exchange Server. This
bulletin is based on 8 KB articles.
▪ Impact: Tampering, Spoofing, Elevation of Privilege, Information Disclosure
33051, CVE-2025-53786. No CVEs are known exploited or publicly disclosed.
▪ Known Issues: The Edge Transport service (EdgeTransport.exe) stops responding and then
restarts. This issue occurs if Exchanger Server tries to decrypt messages that are sent from an
external source that's protected by Azure Rights Management (Azure RMS). For more
information and a workaround, see Edge Transport service stops responding after installing
November 2024 SU or Exchange 2019 CU15.
1

MS25-08-SQL: Security Updates for SQL Server
▪ Maximum Severity: Important
▪ Affected Products: Microsoft SQL Server 2016 SP3, Microsoft SQL Server 2017 (GDR and
CU31), Microsoft SQL Server 2019 (GDR and CU32) and Microsoft SQL Server 2022 (GDR
and CU20)
▪ Description: This security update fixes five vulnerabilities in SQL Server. This bulletin is based
on 8 KB articles.
▪ Impact: Elevation of Privilege
49759 and CVE-2025-53727. No CVEs are known exploited or publicly disclosed.
1
2

▪ Maximum Severity: Important
▪ Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint Enterprise
Server 2016, and SharePoint Server 2019
▪ Description: This security update resolves 4 vulnerabilities in Microsoft SharePoint Server. This
bulletin is based on 5 KB articles.
▪ Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
▪ Fixes 4 Vulnerabilities: CVE-2025-49712, CVE-2025-53733, CVE-2025-53736, and CVE-2025-
53760. No CVEs are known exploited or publicly disclosed.
▪ Known Issues: After you install this update, you may experience an issue when you configure
calendar overlay settings. For more information, see Overlay settings in CalendarService.ashx
doesn't work (KB5064829).
MS25-08-SPT: Security Updates for SharePoint Server
1
2

Between
Patch Tuesdays

Windows Release Summary
▪ Security Updates (with CVEs): Apache Tomcat (2), Google Chrome (4), Firefox (1), Firefox ESR (2), Git (1),
Java 8 (1), Java Development Kit 11 (1), Java Development Kit 17 (1), Java Development Kit 21 (1), Node.JS
(Current) (1), Node.JS (LTS Upper) (2), Opera (1), VirtualBox (1), Thunderbird (1), Thunderbird ESR (1),
VMware Tools (2), VMware Workstation Pro (1)
▪ Security Updates (w/o CVEs): 7-Zip (1), Adobe After Effects 2025 (1), Adobe InDesign 2025 (1), Adobe
Illustrator (1), Anaconda Python (1), Adobe Photoshop 2025 (1), Adobe Acrobat DC and Acrobat Reader DC
(1), Audacity (1), Amazon WorkSpaces (1), Azul Zulu (4), CCleaner (1), Cisco Duo Desktop (1), ClickShare
App Machine-Wide Installer (2), Corretto (4), Falcon Sensor for Windows (1), Devolutions Remote Desktop
Manager (3), Docker (1), Dropbox (1), Eclipse Adoptium (4), Firefox (1), FileZilla Client (2), Jabra Direct (1),
LibreOffice (1), LogMeIn (1), Nmap (1), Opera (1), PDF-Xchange PRO (1), PDF-Xchange Editor Plus (1),
Paint.net (1), Plex Media Server (1), Pulse Secure VPN Desktop Client (1), Slack Machine-Wide Installer (2),
Snagit (1), Splunk Universal Forwarder (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (1),
TeamViewer (1), VSCodium (3), WinSCP (1), Wireshark (1), Zoom Workplace Desktop App (3), Zoom
Outlook Plugin (1), Zoom Rooms App (1), Zoom Workplace VDI App (1)

Windows Release Summary
▪ Non-Security Updates: 1Password (2), AIMP (1), BlueBeam Revu (1), Beyond Compare (2), Box Drive (1),
Bitwarden (1), Client for Open Enterprise Server (1), Cisco Webex Teams (1), draw.io (2), Evernote (4),
Google Drive File Stream (2), GoodSync (2), GeoGebra Classic (3), Greenshot (2), Krisp (2), OpenVPN
Connect (1), PicPick (1), RingCentral App (Machine-Wide Installer) (1), RealVNC Server (1), RealVNC Viewer
(1), WeCom (1), WinMerge (1), XnView (1)

Windows Third Party CVE Information
▪ Google Chrome 138.0.7204.158
▪ CHROME-250716, QGC13807204158
▪ Fixes 4 Vulnerabilities: CVE-2025-6554, CVE-2025-6558, CVE-2025-7656, CVE-2025-7657
▪ CHROME-250722, QGC13807204169
▪ CHROME-250729, QGC13807204184
▪ CHROME-250805, QGC1390725867
▪ Fixes 8 Vulnerabilities: CVE-2025-8576, CVE-2025-8577, CVE-2025-8578, CVE-2025-8579, CVE-
2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583

Windows Third Party CVE Information (cont)
▪ Firefox 141.0
▪ FF-250722, QFF1410
▪ Fixes 18 Vulnerabilities: CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030,
CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-
8036, CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040, CVE-2025-8041,
CVE-2025-8042, CVE-2025-8043, CVE-2025-8044
▪ Firefox ESR 128.13.0
▪ FFE128-250723, QFFE128130
2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035
▪ FFE140-250722, QFFE14010
8036, CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040

▪ Apache Tomcat 10.1.43
▪ TMCAT101-250711, QTOMCAT10143
▪ Apache Tomcat 11.0.9
▪ TMCAT110-250711, QTOMCAT1109
▪ Git for Windows 2.50.1
▪ GIT-250716, QGIT2501
CVE-2025-48384, CVE-2025-48385, CVE-2025-48386
▪ Node.JS 24.4.1 (Current)
▪ NOJSC-250723, QNODEJSC2441

▪ Node.JS 22.17.1 (LTS Upper)
▪ NOJSLU-250723, QNODEJS1U22171
▪ Node.JS 20.19.4 (LTS Upper)
▪ NOJSLU-250724, QNODEJSLU20194
▪ Opera 120.0.5543.93
▪ OPERA-250717, QOP1200554393
▪ VirtualBox 7.1.12
▪ OVB71-250716, QOVB7112
CVE-2025-53028, CVE-2025-53029, CVE-2025-53030

▪ Java Development Kit 21 Update 21.0.8
▪ JDK21-250716, QJDK2108
CVE-2025-50106
▪ JDK17-250716, QJDK17016
CVE-2025-50106
▪ JDK11-250716, QJDK11028
CVE-2025-50106
▪ Java 8 Update 461 – JRE and JDK
▪ JAVA8-250716, QJDK8U461 and QJRE8U461
2025-30761, CVE-2025-50059, CVE-2025-50063, CVE-2025-50106

▪ Thunderbird 141.0
▪ TB-250722, QTB1410
CVE-2025-8044
▪ Thunderbird ESR 128.13.0
▪ TBE128-250807, QTB128130
2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035
▪ VMware Tools 12.5.3
▪ VMWT12-250721, QVMWT1253

▪ VMWT12-250721, QVMWT1253
▪ VMWT13-250716, QVMWT1301
▪ VMware Workstation Pro 17.6.4
▪ VMWW17-250716, QVMWW1764

Apple Release Summary
▪ Security Updates (with CVEs): Adobe After Effects (1), Apple Safari (1), Apple macOS
Sequoia (1), Apple macOS Sonoma (1), Apple macOS Ventura (1), Docker Desktop (1),
Google Chrome (4), Microsoft Office Excel (1), Firefox (1), Firefox ESR (3), Microsoft Edge (4),
Microsoft Office OneNote (1), Microsoft Office Outlook (1), Microsoft Office PowerPoint (1),
Thunderbird (1), Thunderbird ESR (2), Microsoft Office Word (1)
▪ Security Updates (w/o CVEs): None
▪ Non-Security Updates: 1Password (3), Adobe InCopy 2025 (1), Adobe Photoshop 2025 (1),
Adobe Acrobat DC and Acrobat Reader DC (1), Brave (4), Devolutions Remote Desktop
Manager (1), Docker Desktop (1), draw.io (2), Evernote (3), Microsoft Office Excel (2), Firefox
(1), Figma (1), Google Drive (1), Go (1), Grammarly (5), Adobe InDesign 2025 (1), Adobe
Illustrator 2025 (1), Adobe Bridge 2025 (1), Krisp (2), LibreOffice (1), Microsoft Edge (1),
OneDrive (1), Microsoft Office OneNote (2), Microsoft Office Outlook (2), Microsoft Office
PowerPoint (2), Slack (2), Spotify (2), Thunderbird ESR (2), Microsoft Teams (2), Visual Studio
Code (4), VSCodium (4), Webex Teams (1), Microsoft Office Word (2), Zoom Client (3)

Apple Updates with CVE Information
▪ macOS Ventura 13.7.7
▪ Fixes 40 Vulnerabilities: See Apple security bulletin for details
▪ macOS Sonoma 14.7.7
▪ macOS Sequoia 15.6
▪ Safari 18.6

Apple Third Party CVE Information
▪ CHROMEMAC-250715
▪ Fixes 3 Vulnerabilities: CVE-2025-6558, CVE-2025-7656, CVE-2025-7657
2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583

Apple Third Party CVE Information (cont)
▪ Firefox 141.0
▪ FF-250723
CVE-2025-8042, CVE-2025-8043, CVE-2025-8044
▪ FFE128-250723
2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035
▪ FFE140-250728
8036, CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040

Apple Third Party CVE Information
▪ Adobe After Effects
▪ APSB25-49
▪ Docker Desktop 4.44.0
▪ DOCKERMAC-250807
▪ Microsoft Office Excel 16.99
▪ EXCEL-250716
CVE-2025-49699, CVE-2025-49702, CVE-2025-49711
▪ Microsoft Office OneNote 16.99
▪ ONENOTE-250716
CVE-2025-47953

▪ Microsoft Office Outlook 16.99
▪ OUTLOOK-250702
CVE-2025-49702
▪ Microsoft Office PowerPoint 16.99
▪ POWERPOINT-250716
CVE-2025-49702, CVE-2025-49705
▪ Microsoft Office Word 16.99
▪ WORD-250716
CVE-2025-49699, CVE-2025-49702, CVE-2025-49703
▪ Microsoft Edge 138.0.3351.95
▪ MEDGEMAC-250716
▪ Fixes 3 Vulnerabilities: CVE-2025-6558, CVE-2025-7656, CVE-2025-7657

▪ MEDGEMAC-250725
▪ MEDGEMAC-250731
▪ MEDGEMAC-250807
2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583

▪ Thunderbird 141.0
▪ TB-250723
CVE-2025-8044
▪ TBE128-250723
2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035
▪ TBE140-250723
8036, CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040

Q & A

Thank You!

August Patch Tuesday

More Related Content

Similar to August Patch Tuesday

More from Ivanti

Recently uploaded

August Patch Tuesday