Post-Patch Tuesday Roundup: April 2025 | Softcat

Welcome to the Softcat Patch Tuesday roundup for April 2025, where we offer insight into the major patches released this month. In this edition, we will focus on the patches by Microsoft, Adobe, Cisco, Fortinet, Ivanti, SAP, and VMware.


Preeti Nandal

Cyber Security Assessor

Microsoft

In their April Patch Tuesday release, Microsoft has addressed 121 vulnerabilities, with 11 of those rated as Critical and just 1 being a zero-day vulnerability. The patches cover a broad array of applications and services, including Microsoft LDAP, Exchange, Office, Excel, SharePoint, Windows TCP/IP, Windows itself and more.

This month's vulnerabilities chiefly revolve around Elevation of Privilege (EoP), Remote Code Execution (RCE), and Information Disclosure. Outlined below is the actively exploited zero-day vulnerability:

1. CVE-2025-29824 – This is an Elevation of Privilege vulnerability in the Windows Common Log File System Driver that can allow an attacker to gain SYSTEM privileges on a targeted system. Although it is only rated as Important, it is known to have been exploited in the wild; therefore, users should look to patch this vulnerability as soon as possible to prevent potential exploitation. The vulnerability stems from a Use After Free condition, which allows an authenticated attacker with local access to elevate their privileges by exploiting how memory is handled in the driver.

 

Of the 11 vulnerabilities rated as Critical, only four have been noted to be “Exploitation More Likely” by Microsoft. These four are all RCE vulnerabilities and relate to Windows LDAP (CVE-2025-26663 & CVE-2025-26670) and Windows Remote Desktop Services (CVE-2025-27480 & CVE-2025-27482).

 

Adobe

Adobe has released twelve patches this month, addressing 48 vulnerabilities. The applications in question are:

· Adobe ColdFusion

· Adobe After Effects

· Adobe Media Encoder

· Adobe Bridge

· Adobe Commerce

· Adobe Premiere Pro

· Adobe Photoshop

· Adobe Animate

· Adobe FrameMaker

· Adobe XMP Toolkit SDK

Adobe ColdFusion is given priority 1, Adobe Commerce priority 2, and the rest priority 3.

 

Cisco

Cisco has so far released 6 advisories for 7 vulnerabilities in April, with impact ratings ranging from Medium to Critical. The Critical vulnerabilities relate to the Cisco Smart Licensing Utility.

 

Fortinet

Fortinet has addressed 5 vulnerabilities in April: 1 Critical, 2 High, 1 Medium, and 1 Low severity.

The Critical severity vulnerability is CVE-2024-48887. An unverified password change vulnerability in the FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords without authorisation.

The two High severity vulnerabilities are CVE-2024-26013 and CVE-2024-50565. An improper restriction of communication channel to intended endpoints vulnerability in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.

 

Ivanti

Ivanti has released updates for Ivanti Endpoint Manager in April; however, there may be more concern around the Ivanti Connect Secure vulnerability (CVE-2025-22457), which is known to be exploited in the wild.

 

SAP

SAP has released 18 new security notes and 2 updates to previous security notes. 3 of these CVEs are rated “Critical” and 5 are rated “High”. The products affected by the High to Critical rated CVEs are:

· SAP S/4HANA

· SAP Landscape Transformation 

· SAP Financial Consolidation

· SAP BusinessObjects Business Intelligence platform 

· SAP NetWeaver Application Server ABAP

· SAP Commerce Cloud

· SAP Capital Yield Tax Management

· SAP NetWeaver and ABAP Platform

 

VMware

VMware has released three security advisories in April:

1. VMware Cloud Foundation, affecting VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform and VMware Telco Cloud Infrastructure. A malicious actor with local administrative privileges could escalate their privileges to root on the appliance running VMware Aria Operations. This vulnerability is rated as Important and has a CVSS score of 7.8.

2. Tanzu with 2 critical advisories – VTDSA25581 (7 critical and 7 high) and VTDSA25580 (3 critical and 13 high) both affecting Greenplum.

 

Industrial Control Systems

Any customers utilising industrial control systems (ICS) should be aware of five security advisories regarding:

· ICSA-25-093-01 Hitachi Energy RTU500 Series

· ICSA-25-093-02 Hitachi Energy TRMTracker

· ICSA-25-093-03 ABB ACS880 Drives Containing CODESYS RTS

· ICSA-25-093-04 ABB Low Voltage DC Drives and Power Controllers CODESYS RTS

· ICSA-25-093-05 B&R APROL

As always, users are recommended to apply the latest security updates as soon as possible to protect their systems from potential threats.