Mission Statement

Number: AL25-015
Date: October 24, 2025

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On October 24, 2025, Microsoft published an out-of-band security update to a critical vulnerability in the Windows Server Update Service (WSUS)^Footnote1.

CVE-2025-59287 involves the deserialization of untrusted data in WSUS, allowing an unauthorized attacker to execute code over a network.

The WSUS Server Role is not enabled by default on Windows servers, and Windows servers that do not have this role enabled are not vulnerable. In response to Microsoft’s disclosure, the Cyber Centre released an update to AV25-666 on October 24, 2025^Footnote2.

The Cyber Centre is aware of active exploitation ^Footnote3

Suggested actions

The Cyber Centre strongly recommends that organizations follow Microsoft customer guidance for mitigation advice:

• Apply the recommended update. If this is not possible, apply the following mitigations:
• If the WSUS Server Role is enabled on your server, disable it. Note that clients will no longer receive updates from the server if WSUS is disabled.
• Block inbound traffic to Ports 8530 and 8531 on the host firewall (as opposed to blocking only at the network/perimeter firewall) in order to render WSUS non-operational.

Microsoft adds that this update is cumulative, so organizations do not need to apply any previous updates before installing this one, as it supersedes all previous updates for affected versions. They suggest that if the October 2025 Windows security update has not been applied, that this out-of-band update should be applied. After installation, a reboot will be required.

In addition, the Cyber Centre also strongly recommends that organizations review and implement the Cyber Centre’s Top 10 IT Security Actions with an emphasis on the following topics^Footnote4.

• Patching operating systems and applications
• Isolating Web-Facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

References

Serial number:AV25-666
Date:October 15, 2025
Updated: October 24, 2025

On October 14, 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

• .NET 8.0
• ASP.NET
• Arc Enabled Servers
• Azure Cache for Redis Enterprise
• Azure Compute Gallery
• Azure Confidential Compute VM
• Azure Managed Redis
• Azure Monitor
• Azure Monitor Agent
• Azure PlayFab
• DOOM
• Fallout Shelter
• Microsoft .NET Framework
• Microsoft 365 Apps for Enterprise
• Microsoft 365 Copilot's Business Chat
• Microsoft 365 Word Copilot
• Microsoft Access 2016
• Microsoft Configuration Manager
• Microsoft Defender for Endpoint for Linux
• Microsoft Entra ID
• Microsoft Excel 2016
• Microsoft Exchange Server
• Microsoft Exchange Server 2016
• Microsoft Exchange Server 2019
• Microsoft JDBC
• Microsoft Mesh PC Applications
• Microsoft Mesh for Meta Quest
• Microsoft Office
• Microsoft Office 2016
• Microsoft Office 2019
• Microsoft Office LTSC 2021
• Microsoft Office LTSC 2024
• Microsoft Office for Android
• Microsoft PowerPoint 2016
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Visual Studio 2017
• Microsoft Visual Studio 2019
• Microsoft Visual Studio 2022
• Microsoft Word 2016
• Office Online Server
• PowerShell 7.4
• PowerShell 7.5
• Remote Desktop client for Windows Desktop
• Starfield Companion App
• Windows 10
• Windows 11
• Windows App Client for Windows Desktop
• Windows Server 2008
• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

Microsoft has indicated that CVE-2025-47827, CVE-2025-59230 and CVE-2025-24990 have available exploits.

Update 1
On October 23, 2025, Microsoft stated that Proof of Concept (PoC) exploit for critical vulnerability CVE-2025-59287 affecting their WSUS is now available online.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• October 2025 Security Updates
• Security Update Guide

Serial number:AV25-695
Date:October 23, 2025

On October 21, 2025, Atlassian published a security advisory to address vulnerabilities in the following products:

• Bamboo Data Center and Server – multiple versions
• Fisheye/Crucible – versions 4.9.0 to 4.9.2 and 4.8.14 to 4.8.16
• Jira Data Center and Server – multiple versions
• Jira Service Management Data Center and Server – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin - October 21 2025
• Atlassian Security Advisories and Bulletins

Serial number:AV25-583
Date:September 10, 2025
Updated:October 23, 2025

On September 9, 2025, Adobe published security advisories to address vulnerabilities in the following products:

• Acrobat DC – version Win – 25.001.20672, Mac – 25.001.20668 and prior
• Acrobat Reader DC – version Win – 25.001.20672, Mac – 25.001.20668 and prior
• Acrobat 2024 – version Win & Mac – 24.001.30254 and prior
• Acrobat 2020 – version Win & Mac – 20.005.30774 and prior
• Acrobat Reader 2020 – version Win & Mac – 20.005.30774 and prior
• Adobe After Effects – version 24.6.7 and prior
• Adobe After Effects – version 25.3 and prior
• Adobe Premiere Pro – version 25.3 and prior
• Adobe Premiere Pro – version 24.6.5 and prior
• Adobe Commerce – multiple versions
• Adobe Commerce B2B – multiple versions
• Magento Open Source – multiple versions
• Adobe Substance 3D Viewer – version 0.25.1 and prior
• Adobe Experience Manager (AEM) – version AEM Cloud Service (CS)
• Adobe Experience Manager (AEM) version 6.5 LTS SP1 and prior
• Adobe Experience Manager (AEM) – version 6.5.23 and prior
• Adobe Dreamweaver – version 21.5 and prior
• Adobe Substance 3D Modeler – version 1.22.2 and prior
• ColdFusion 2025 – version Update 3 and prior
• ColdFusion 2023 – version Update 15 and prior
• ColdFusion 2021 – version Update 21 and prior

Update 1

On October 22, 2025, the Cyber Centre became aware of open-source reporting that CVE-2025-54236 affecting Adobe Commerce is being actively exploited in the wild.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• SessionReaper attacks have started, 3 in 5 stores still vulnerable
• Adobe Commerce | APSB25-88
• Adobe ColdFusion | APSB25-93
• Adobe Security Advisories

Serial number:AV25-694
Date:October 22, 2025

On October 22, 2025, Drupal published security advisories to address vulnerabilities in the following products:

• CivicTheme Design System – version prior to 1.12.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
• CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
• Drupal Security Advisories

Serial number:AV25-693
Date:October 22, 2025

On October 22, 2025, ISC published security advisories to address vulnerabilities in the following product:

• ISC BIND 9 – versions 9.11.3-S1 to 9.16.50-S1
• ISC BIND 9 – versions 9.18.11-S1 to 9.18.39-S1
• ISC BIND 9 – versions 9.20.9-S1 to 9.20.13-S1
• ISC BIND 9 – versions 9.11.0 to 9.16.50
• ISC BIND 9 – versions 9.18.0 to 9.18.39
• ISC BIND 9 – versions 9.20.0 to 9.20.13
• ISC BIND 9 – versions 9.21.0 to 9.21.12

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• ISC BIND security advisory - CVE-2025-8677
• ISC BIND security advisory - CVE-2025-40778
• ISC BIND security advisory - CVE-2025-40780
• BIND 9 Security Vulnerability Matrix