Application Management and Patching

February 2025 Third-Party Patches: Notable Vulnerabilities and Updates

Tuukka Tiainen
Published on: March 6, 2025
Topics: Application Management and Patching
Tags:

Are you confident your third-party patches are up to date?

With Application Manager you can be. Save yourself and your team precious time by automating entire application deployment processes.

Learn More

February’s data shows fewer vulnerable applications and fewer new software versions released. However, the total number of patched vulnerabilities increased, meaning each release patched more vulnerabilities on average than in January. This month, prioritize updates for browsers, especially those classified as high-risk vulnerabilities.

February 2025 Third-Party Patches

Notable Vulnerabilities in February 2025 Third-Party Patches 

In February 2025 there were no patched vulnerabilities with 9.0 or higher CVSS rating. This means that none of the vulnerabilities were classified as critical. None of the vulnerabilities were classified as a zero day either.  

Chromium-Based Vulnerabilities 

  • CVE-2025-0999 has a CVSS rating of 8.8 and it affects multiple Chromium based products such as Chrome, Edge, Electron, Edge and Burb Suite. More information can be found on the Google Chrome release notes. There are more Chromium related vulnerabilities. More information can be found on Google’s corresponding release notes pages. 
  • CVE-2025-0612, CVE-2025-0611: Initially patched for most browsers in January; Electron 32 update released this month. More information can be found on their release notes as well as this  set of notes
  • CVE-2025-0437, CVE-2025-0762: Chromium vulnerabilities originally released in January, but patched for Microsoft Edge in February. More information can be found on Microsoft MSRC’s advisory. The second vulnerability was also patched by Brave Browser. 
  • Additional Chromium vulnerabilities patched this month:   

Brave Browser Vulnerabilities

Brave has finally patched CVE-2025-0995 that allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. More information about the vulnerability can be found on Google Chrome’s release notes

Mozilla Vulnerabilities 

Firefox and Thunderbird had a memory safety vulnerability CVE-2025-1017 affecting them. More information can be found on the Mozilla’s security advisory. CVE-2025-1020 was another vulnerability patched by Mozilla. See this advisory for more information. Third affecting vulnerability is CVE-2024-11704

TurboVNC Vulnerabilities 

TurboVNC is a derivative of VNC (Virtual Network Computing) that is tuned to provide peak performance for 3D and video workloads. It was patched for CVE-2024-9632. Release notes can be found on GitHub. If you are interested in more vulnerability details, you can check out the original advisory in GitHub too. 

Browser Security Updates in February 2025 

Browser Vulnerabilities Updates 
Google Chrome 10 
Microsoft Edge 52 
Brave Browser 
Pale Moon 
Mozilla Firefox 12 
Mozilla Firefox ESR 115 
Mozilla Firefox ESR 128 
Waterfox 

Microsoft Product Updates Included in February 2025 Third-Party Patches 

In addition to Edge, Microsoft issued security updates for several widely-used tools, including Microsoft 365 Apps, Visual Studio (2017-2022), Visual Studio Code, and related developer tools, addressing vulnerabilities primarily related to stability and security. 

  • Microsoft 365 Apps 
  • Microsoft Visual Studio Code 
  • Microsoft Visual Studio 2019 Enterprise 
  • Microsoft Visual Studio 2022 Community 
  • Microsoft Visual Studio Team Explorer 2019 
  • Microsoft Visual Studio Team Explorer 2022 
  • Microsoft Visual Studio Feedback Client 2017 
  • Microsoft Visual Studio Team Explorer 2017 
  • Microsoft Visual Studio 2019 Community 
  • Microsoft Visual Studio 2017 Enterprise 
  • Microsoft Visual Studio 2017 Community 
  • Microsoft Visual Studio 2017 Professional 
  • Microsoft Visual Studio 2019 Professional 
  • Microsoft Visual Studio 2022 Enterprise 
  • Microsoft Visual Studio 2022 Professional 

Detailed List of February 2025 Third-Party Patches 

For a complete list of applications, versions, and the number of remediated vulnerabilities, see the table below generated using Application Workspace data.  

ProductName VersionName Vulnerabilities remediated 
Brave Browser 1.74.51 
Brave Browser 1.75.180 
Brave Browser 1.75.178 
Burp Suite Community Edition 2025.2.1 
Burp Suite Community Edition 2025.2 
Burp Suite Professional Edition 2025.2.1 
Burp Suite Professional Edition 2025.2 
Chef Workstation 25.2.1075 
Chef Workstation for Windows 25.2.1075 
Datadog Agent 7.63.0 
Electron 32.3.2 
Electron 33.4.2 
Electron 32.3.2 
EnterpriseDB Corporation PostgreSQL 13 13.19.1 
EnterpriseDB Corporation PostgreSQL 14 14.16.1 
EnterpriseDB Corporation PostgreSQL 15 15.11.1 
EnterpriseDB Corporation PostgreSQL 16 16.7.1 
EnterpriseDB Corporation PostgreSQL 17 17.3 
EnterpriseDB Corporation PostgreSQL 17 17.3.1 
Github CLI 2.67.0 
Google Chrome for Business 133.0.6943.99 
Google Chrome for Business 133.0.6943.127 
Google Chrome for Business 133.0.6943.54 
Google Go Programming Language 1.22 1.22.12 
Google Go Programming Language 1.23 1.23.6 
JetBrains ReSharper 2024.1 2024.1.7 
MariaDB Server 10.11 10.11.11 
MariaDB Server 10.5 10.5.28.0 
MariaDB Server 10.6 10.6.21 
MariaDB Server 11.4 11.4.5 
Microsoft 365 Apps 2408 (Build 16.0.17928.20440) 20 
Microsoft 365 Apps 2412 (Build 16.0.18324.20240) 20 
Microsoft 365 Apps 2501 (Build 16.0.18429.20158) 20 
Microsoft 365 Apps 16.94.25020927 
Microsoft Edge Beta 133.0.3065.51 10 
Microsoft Edge Beta 133.0.3065.51 15 
Microsoft Edge for Business 133.0.3065.51 15 
Microsoft Edge for Business 133.0.3065.59 15 
Microsoft Edge for Business 133.0.3065.69 
Microsoft Edge for Business 133.0.3065.82 
Microsoft Edge for Business 133.0.3065.59 14 
Microsoft Visual Studio 2017 Community 15.9.35727.129 
Microsoft Visual Studio 2017 Enterprise 15.9.35727.129 
Microsoft Visual Studio 2017 Professional 15.9.35727.129 
Microsoft Visual Studio 2019 Community 16.11.35731.53 
Microsoft Visual Studio 2019 Enterprise 16.11.35731.53 
Microsoft Visual Studio 2019 Professional 16.11.35731.53 
Microsoft Visual Studio 2022 Community 17.13.35806.99 
Microsoft Visual Studio 2022 Enterprise 17.12.35728.132 
Microsoft Visual Studio 2022 Enterprise 17.10.35728.63 
Microsoft Visual Studio 2022 Enterprise 17.13.35806.99 
Microsoft Visual Studio 2022 Enterprise 17.8.35728.64 
Microsoft Visual Studio 2022 Professional 17.8.35728.64 
Microsoft Visual Studio 2022 Professional 17.10.35728.63 
Microsoft Visual Studio 2022 Professional 17.13.35806.99 
Microsoft Visual Studio 2022 Professional 17.12.35728.132 
Microsoft Visual Studio Code 1.97.1 
Microsoft Visual Studio Feedback Client 2017 15.9.35727.129 
Microsoft Visual Studio Team Explorer 2017 15.9.35727.129 
Microsoft Visual Studio Team Explorer 2019 16.11.35731.53 
Microsoft Visual Studio Team Explorer 2022 17.13.35806.99 
Mozilla Firefox 135.0.1 
Mozilla Firefox 135.0 11 
Mozilla Firefox ESR 115 115.20.0 
Mozilla Firefox ESR 115 115.20.0 
Mozilla Firefox ESR 128 128.7.0 
Mozilla Firefox ESR 128 128.7.0 
Mozilla Thunderbird ESR 128 128.7.0 12 
OpenSSL 3.1.8 
OpenSSL 3.0.16 
OpenSSL 3.2.4 
OpenSSL 3.3.3 
OpenSSL 3.4.1 
OpenSSL Light 3.1.8 
OpenSSL Light 3.4.1 
OpenSSL Light 3.0.16 
OpenSSL Light 3.2.4 
OpenSSL Light 3.3.3 
Pale Moon 33.6.0 
Rider 2024 2024.1.7 
Snagit 2024 2024.3.2 
Snagit 2025 2025.0.0 
Studio 3T 2025.3.0 
Studio 3T 2025.2.0 
TeamCity 2024.12.2 
The Document Foundation LibreOffice 24 24.8.5.2 
TurboVNC 3.1.4 12 
Waterfox 6.5.4 

Conclusion 

Timely third-party patching remains essential for protecting your IT environment. February 2025’s updates addressed significant vulnerabilities across major browsers and applications, strengthening your organization’s defense and operational stability. Stay tuned for next month’s insights. 

For deeper insights into how effective third-party patch management reduces your attack surface, explore our eBook Reduce Your Attack Footprint or follow our App Management and Patching series

Trending Topics

How Intune’s New Properties Catalog Improves Inventory Management

How to Block Unmanaged macOS Devices from Accessing Corporate Resources with Microsoft Intune

Don’t Forget about Access Policies in Application Workspace

How to Deploy Microsoft 365 Apps to macOS Devices with Intune  

Related Resources

Featured Image
Security and Compliance

How to Block Unmanaged macOS Devices from Accessing Corporate Resources with Microsoft Intune

Fabian Rodriguez
Fabian Rodriguez
March 11, 2025
Featured Image
Security and Compliance

Enterprise Application Management: App Store Showdown

Ben Ward
Ben Ward
March 5, 2025
Featured Image
Security and Compliance

Help! Ivanti Workspace Control Is Reaching End-of-Life—Now What? 

Hugo Peters
Hugo Peters
February 25, 2025
Featured Image
Security and Compliance

Mandatory MFA for All Sign-Ins: Act Now

Donny van der Linde
Donny van der Linde
February 20, 2025
Featured Image
Security and Compliance

Take Advantage of Ivanti Workspace Control’s Phase-Out and Build for the Future

Mels Dees
Mels Dees
February 11, 2025
Featured Image
Security and Compliance

Client Management with Microsoft Defender and Microsoft Intune: A Comparative Guide for Security Profiles

Jannik Reinhard
Jannik Reinhard
February 10, 2025
Featured Image
Security and Compliance

January 2025 Third-Party Patches: Notable Vulnerabilities and Updates

Tuukka Tiainen
Tuukka Tiainen
February 10, 2025
Featured Image
Security and Compliance

January 2025 Patch Tuesday: Major Security Updates and Active Exploits 

Matt Wieland
Matt Wieland
January 16, 2025
Featured Image
Security and Compliance

December 2024 Third-Party Patches: Notable Vulnerabilities and Updates 

Tuukka Tiainen
Tuukka Tiainen
January 14, 2025
Featured Image
Security and Compliance

December 2024 Patch Tuesday: Addressing a High-Volume of Critical Vulnerabilities and an Actively Exploited Zero-Day

Matt Wieland
Matt Wieland
December 13, 2024
Featured Image
Security and Compliance

November 2024 Third-Party Patches: Notable Vulnerabilities and Updates 

Tuukka Tiainen
Tuukka Tiainen
December 5, 2024
Featured Image
Security and Compliance

Simplifying Application Deployments and Updates in Intune

Matt Wieland
Matt Wieland
November 14, 2024
Featured Image
Security and Compliance

November 2024 Patch Tuesday: Key Security Updates and Vulnerabilities

Matt Wieland
Matt Wieland
November 13, 2024
Featured Image
Security and Compliance

How to Use Recast’s Product Suite in Your Complex Environment

Marty Miller
Marty Miller
November 6, 2024
Featured Image
Security and Compliance

October 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
November 5, 2024
Featured Image
Security and Compliance

September 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
October 10, 2024
Featured Image
Security and Compliance

October 2024 Patch Tuesday: Critical Security Updates

Matt Wieland
Matt Wieland
October 9, 2024
Featured Image
Security and Compliance

August 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
September 17, 2024
Featured Image
Security and Compliance

September 2024 Patch Tuesday: Critical Security Updates

Matt Wieland
Matt Wieland
September 12, 2024
Featured Image
Security and Compliance

July 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
August 16, 2024
Featured Image
Security and Compliance

Patch Tuesday August 2024: Critical Vulnerability Roundup 

Matt Wieland
Matt Wieland
August 13, 2024
Featured Image
Security and Compliance

5 Key Strategies for Small Business Disaster Recovery

Marty Miller
Marty Miller
August 13, 2024
Featured Image
Security and Compliance

Automated Third-Party Patching Controls: Lessons from the CrowdStrike Incident

Marty Miller
Marty Miller
July 23, 2024
Featured Image
Security and Compliance

June 2024 Third-Party Patches

Tuukka Tiainen
Tuukka Tiainen
July 11, 2024
Featured Image
Security and Compliance

Patch Tuesday July 2024: Critical Vulnerability Roundup 

Matt Wieland
Matt Wieland
July 9, 2024
Featured Image
Security and Compliance

Patch Tuesday June 2024: Critical Vulnerability Roundup 

Matt Wieland
Matt Wieland
June 13, 2024
Featured Image
Security and Compliance

The Struggle of Packaging Applications

Donny van der Linde
Donny van der Linde
May 21, 2024
Featured Image
Security and Compliance

Patch Tuesday May 2024: Critical Vulnerability Roundup 

Matt Wieland
Matt Wieland
May 15, 2024
Featured Image
Security and Compliance

Ivanti Workspace Control End of Life: Discover Your Next Steps with Application Workspace

Donny van der Linde
Donny van der Linde
April 23, 2024
Featured Image
Security and Compliance

Recast Software Achieves ISO 27001 Certification 

Matt Wieland
Matt Wieland
April 19, 2024
Back to Top