Application Management and Patching

March 2025 Third-Party Patches: Notable Vulnerabilities and Updates 

Tuukka Tiainen
Published on: April 15, 2025
Topics: Application Management and Patching
Tags:

Are you confident your third-party patches are up to date?

With Application Manager you can be. Save yourself and your team precious time by automating entire application deployment processes.

Learn More

Key numbers have remained stable over the past three months. Metrics show that 58 vulnerable applications were remediated using 99 patches. In total, these updates addressed 91 unique vulnerabilities. 

March 2025 Third-Party Patches - Application Workspace

Notable Vulnerabilities in March 2025 Third-Party Patches 

In March, several zero-day vulnerabilities were patched, and nine vulnerabilities were classified as critical. VMware Workstation Player 17 was affected by two zero-day vulnerabilities: CVE-2025-22224 and CVE-2025-22226. A malicious actor with local administrative privileges on a virtual machine could exploit CVE-2025-22224 to execute code as the VMX process on the host. Under similar conditions, CVE-2025-22226 can be exploited to leak memory from the VMX process. Other VMWare products were also affected. For more details, refer to the Security Advisory Security Advisory released by Broadcom. 

CVE-2025-2783 is a zero-day vulnerability that affects Chromium-based products. An incorrect handle in the Mojo component of Google Chrome on Windows (versions earlier than 134.0.6998.177) allowed a remote attacker to escape the sandbox via a malicious file. This vulnerability also affects Microsoft Edge and Vivaldi browsers. There is no indication that Brave Browser addressed this vulnerability in March. CVE-2025-24201 is another zero-day vulnerability affecting Chromium-based browsers, remediated by Brave Browser, Google Chrome, Microsoft Edge, and Vivaldi in March. 

Snagit released a patch addressing the critical OpenSSL vulnerability CVE-2021-3711. Refer to their changelog for additional details. 

Mozilla released an update to remediate the CVE-2025-1942 vulnerability affecting Firefox and Thunderbird. Refer to their security advisory for more information. Additionally, Mozilla addressed a second critical vulnerability, CVE-2025-1941, in Firefox. More details are available in their security advisory

Critical vulnerability CVE-2025-27832 affects Ghostscript. In Artifex Ghostscript versions prior to 10.05.0, a compression buffer overflow was discovered in the NPDL device for the file contrib/japanese/gdevnpdl.c. More details are available in their bug tracker. Additionally, critical vulnerabilities CVE-2025-27831, CVE-2025-27836, and CVE-2025-27837 affect Artifex Ghostscript versions prior to 10.05.0. Refer to the respective bug tracker pages for more information: 

Browser Security Updates in March 2025 

Browser Vulnerabilities Updates 
Google Chrome 16 
Microsoft Edge 14 
Brave Browser 16 
Pale Moon 
Mozilla Firefox 16 
Mozilla Firefox ESR 115 
Mozilla Firefox ESR 128 11 
Waterfox 
Vivaldi 

Microsoft Product Updates Included in March 2025 Third-Party Patches 

In addition to Edge, Microsoft issued security updates for several other products. 

  • Microsoft .NET Runtime 8.0 
  • Microsoft .NET Runtime 9.0 
  • Microsoft .NET SDK 8.0 
  • Microsoft .NET SDK 9.0 
  • Microsoft 365 Apps 
  • Microsoft ASP.NET Core Runtime 8.0 
  • Microsoft ASP.NET Core Runtime 9.0 
  • Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 
  • Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 
  • Microsoft Azure CLI 
  • Microsoft Visual Studio 2019 Enterprise 
  • Microsoft Visual Studio 2019 Professional 
  • Microsoft Visual Studio 2022 Enterprise 
  • Microsoft Visual Studio 2022 Professional 
  • Microsoft Visual Studio Feedback Client 2017 
  • Microsoft Visual Studio Team Explorer 2019 
  • Microsoft Windows Desktop Runtime 8.0 
  • Microsoft Windows Desktop Runtime 9.0 

Detailed List of March 2025 Third-Party Patches 

For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.  

ProductName VersionName Vulnerabilities remediated 
Adobe Acrobat DC 25.001.20432 10 
Adobe Acrobat DC Pro and Standard 2020 Classic Track 20.005.30763 10 
Adobe Acrobat Reader 2020 MUI – Classic Track 20.005.30763 10 
Adobe Acrobat Reader DC 25.001.20432 10 
Adobe Acrobat Reader DC – Multilingual (MUI) 25.001.20432 10 
Adobe Reader DC 25.001.20432 10 
Brave Browser 1.76.74 
Brave Browser 1.76.80 
Brave Browser 1.76.73 
Caphyon Advanced Installer 22.5 
Coder 2.19.1 
Docker Desktop 4.39.0 
Docker Desktop 4.39.0.184744 
Electron 32.3.3 
Electron 34.3.4 
Electron 33.4.6 
Electron 33.4.3 
Ghostscript 10.05.0 
Gitleaks 8.24.2 
Google Chrome for Business 134.0.6998.118 
Google Chrome for Business 134.0.6998.178 
Google Chrome for Business 134.0.6998.89 
Google Chrome for Business 134.0.6998.36 
Google Chrome for Linux 134.0.6998.117 
Google Chrome for Linux 134.0.6998.88 
Google Chrome for Linux 134.0.6998.35 
Google Chrome for Mac 134.0.6998.118 
Google Chrome for Mac 134.0.6998.89 
Google Chrome for Mac 134.0.6998.45 
Google Go Programming Language 1.23 1.23.7 
Google Go Programming Language 1.24 1.24.1 
IBM Semeru Runtime Open Edition JDK 23 23.0.1.11 
IBM Semeru Runtime Open Edition JRE 23 23.0.1.11 
Mendix 10 10.21.0.64362 
Microsoft .NET Runtime 8.0 8.0.14.34611 
Microsoft .NET Runtime 8.0 8.0.14 
Microsoft .NET Runtime 9.0 9.0.3 
Microsoft .NET SDK 8.0 8.0.407 
Microsoft .NET SDK 8.0 8.4.725.11310 
Microsoft .NET SDK 9.0 9.0.202 
Microsoft .NET SDK 9.0 9.0.201 
Microsoft 365 Apps 2408 (Build 16.0.17928.20468) 11 
Microsoft 365 Apps 2501 (Build 16.0.18429.20200) 11 
Microsoft 365 Apps 2502 (Build 16.0.18526.20168) 11 
Microsoft 365 Apps 16.95.25030928 
Microsoft ASP.NET Core Runtime 8.0 8.0.14.25112 
Microsoft ASP.NET Core Runtime 8.0 8.0.14 
Microsoft ASP.NET Core Runtime 9.0 9.0.3 
Microsoft ASP.NET Core Runtime Hosting Bundle 8.0 8.0.14.25112 
Microsoft ASP.NET Core Runtime Hosting Bundle 9.0 9.0.3 
Microsoft Azure CLI 2.70.0 
Microsoft Edge Beta 134.0.3124.66 
Microsoft Edge Beta 134.0.3124.51 10 
Microsoft Edge Beta 134.0.3124.62 
Microsoft Edge for Business 134.0.3124.66 
Microsoft Edge for Business 134.0.3124.83 
Microsoft Edge for Business 134.0.3124.93 
Microsoft Edge for Business 134.0.3124.51 
Microsoft Edge for Business for Linux 134.0.3124.83 
Microsoft Edge for Business for Linux 134.0.3124.68 
Microsoft Edge for Business for Linux 134.0.3124.51 10 
Microsoft Edge for Business for Mac 134.0.3124.83 
Microsoft Edge for Business for Mac 134.0.3124.51 
Microsoft Edge for Business for Mac 134.0.3124.62 
Microsoft Visual Studio 2019 Enterprise 16.11.35826.135 
Microsoft Visual Studio 2019 Professional 16.11.35826.135 
Microsoft Visual Studio 2022 Enterprise 17.8.35827.206 
Microsoft Visual Studio 2022 Enterprise 17.10.35827.194 
Microsoft Visual Studio 2022 Enterprise 17.12.35827.183 
Microsoft Visual Studio 2022 Enterprise 17.13.35828.75 
Microsoft Visual Studio 2022 Professional 17.8.35827.206 
Microsoft Visual Studio 2022 Professional 17.10.35827.194 
Microsoft Visual Studio 2022 Professional 17.12.35827.183 
Microsoft Visual Studio 2022 Professional 17.13.35828.75 
Microsoft Visual Studio Feedback Client 2017 15.9.35826.203 
Microsoft Visual Studio Team Explorer 2019 16.11.35826.135 
Microsoft Windows Desktop Runtime 8.0 8.0.14.34613 
Microsoft Windows Desktop Runtime 9.0 9.0.3 
Mozilla Firefox 136.0.4 
Mozilla Firefox 136.0 15 
Mozilla Firefox ESR 115 115.21.1 
Mozilla Firefox ESR 115 115.21.0 
Mozilla Firefox ESR 128 128.8.1 
Mozilla Firefox ESR 128 128.8.0 10 
Mozilla Thunderbird 136.0 11 
Mozilla Thunderbird 136.0 13 
Mozilla Thunderbird ESR 128 128.8.0 10 
Pale Moon 33.6.1 
Snagit 2022 2022.2.9 
Snagit 2025 2025.1.0 
TeamCity 2025.03 
Termius 9.16.0 
Termius 9.16.0.0 
The Document Foundation LibreOffice 25 25.2.1.2 
Vivaldi 7.2.3621.71 
Vivaldi 7.1.3570.60 
VMware Workstation Player 17 17.6.3.24583834 
VMware Workstation Pro 17 17.6.3.24583834 
Waterfox 6.5.5 

Conclusion 

Timely third-party patching remains essential for protecting your IT environment. March 2025’s updates addressed significant vulnerabilities across major browsers and applications, strengthening your organization’s defense and operational stability. Stay tuned for next month’s insights. 

For deeper insights into how third-party patch management reduces your attack surface, explore our eBook “Reduce Your Attack Footprint” or follow our App Management and Patching series

Trending Topics

How to Enable FileVault on macOS with Microsoft Intune  

How to Enable Device Hardware Inventory with Microsoft Intune 

Application Workspace 4.3 Elevates User Experience and Management 

How to Deploy Software Updates to macOS Devices with Declarative Device Management using Microsoft Intune

Related Resources

Featured Image
Security and Compliance

How to Enable FileVault on macOS with Microsoft Intune  

Fabian Rodriguez
Fabian Rodriguez
April 17, 2025
Featured Image
Security and Compliance

How to Deploy Software Updates to macOS Devices with Declarative Device Management using Microsoft Intune

Fabian Rodriguez
Fabian Rodriguez
April 15, 2025
Featured Image
Security and Compliance

Apache Guacamole as a Low-Cost Bastion Alternative 

Donny van der Linde
Donny van der Linde
April 4, 2025
Featured Image
Security and Compliance

How a National Social Services Organization Streamlined IT Operations and Enhanced Security with Right Click Tools and Endpoint Insights

Matt Wieland
Matt Wieland
March 21, 2025
Featured Image
Security and Compliance

Microsoft Intune vs. Configuration Manager for Third-Party Application Patching 

Matt Wieland
Matt Wieland
March 12, 2025
Featured Image
Security and Compliance

How to Block Unmanaged macOS Devices from Accessing Corporate Resources with Microsoft Intune

Fabian Rodriguez
Fabian Rodriguez
March 11, 2025
Featured Image
Security and Compliance

February 2025 Third-Party Patches: Notable Vulnerabilities and Updates

Tuukka Tiainen
Tuukka Tiainen
March 6, 2025
Featured Image
Security and Compliance

Enterprise Application Management: App Store Showdown

Ben Ward
Ben Ward
March 5, 2025
Featured Image
Security and Compliance

Help! Ivanti Workspace Control Is Reaching End-of-Life—Now What? 

Hugo Peters
Hugo Peters
February 25, 2025
Featured Image
Security and Compliance

Mandatory MFA for All Sign-Ins: Act Now

Donny van der Linde
Donny van der Linde
February 20, 2025
Featured Image
Security and Compliance

Take Advantage of Ivanti Workspace Control’s Phase-Out and Build for the Future

Mels Dees
Mels Dees
February 11, 2025
Featured Image
Security and Compliance

Client Management with Microsoft Defender and Microsoft Intune: A Comparative Guide for Security Profiles

Jannik Reinhard
Jannik Reinhard
February 10, 2025
Featured Image
Security and Compliance

January 2025 Third-Party Patches: Notable Vulnerabilities and Updates

Tuukka Tiainen
Tuukka Tiainen
February 10, 2025
Featured Image
Security and Compliance

January 2025 Patch Tuesday: Major Security Updates and Active Exploits 

Matt Wieland
Matt Wieland
January 16, 2025
Featured Image
Security and Compliance

December 2024 Third-Party Patches: Notable Vulnerabilities and Updates 

Tuukka Tiainen
Tuukka Tiainen
January 14, 2025
Featured Image
Security and Compliance

December 2024 Patch Tuesday: Addressing a High-Volume of Critical Vulnerabilities and an Actively Exploited Zero-Day

Matt Wieland
Matt Wieland
December 13, 2024
Featured Image
Security and Compliance

November 2024 Third-Party Patches: Notable Vulnerabilities and Updates 

Tuukka Tiainen
Tuukka Tiainen
December 5, 2024
Featured Image
Security and Compliance

Simplifying Application Deployments and Updates in Intune

Matt Wieland
Matt Wieland
November 14, 2024
Featured Image
Security and Compliance

November 2024 Patch Tuesday: Key Security Updates and Vulnerabilities

Matt Wieland
Matt Wieland
November 13, 2024
Featured Image
Security and Compliance

How to Use Recast’s Product Suite in Your Complex Environment

Marty Miller
Marty Miller
November 6, 2024
Featured Image
Security and Compliance

October 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
November 5, 2024
Featured Image
Security and Compliance

September 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
October 10, 2024
Featured Image
Security and Compliance

October 2024 Patch Tuesday: Critical Security Updates

Matt Wieland
Matt Wieland
October 9, 2024
Featured Image
Security and Compliance

August 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
September 17, 2024
Featured Image
Security and Compliance

September 2024 Patch Tuesday: Critical Security Updates

Matt Wieland
Matt Wieland
September 12, 2024
Featured Image
Security and Compliance

July 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
August 16, 2024
Featured Image
Security and Compliance

Patch Tuesday August 2024: Critical Vulnerability Roundup 

Matt Wieland
Matt Wieland
August 13, 2024
Featured Image
Security and Compliance

5 Key Strategies for Small Business Disaster Recovery

Marty Miller
Marty Miller
August 13, 2024
Featured Image
Security and Compliance

Automated Third-Party Patching Controls: Lessons from the CrowdStrike Incident

Marty Miller
Marty Miller
July 23, 2024
Featured Image
Security and Compliance

June 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
July 11, 2024
Back to Top