Fortra's September 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.
Up first on the list are Chromium and Microsoft Edge (Chromium-based) patches that resolve five issues, including use after free, inappropriate implementation, and security feature bypass vulnerabilities.
Next are patches for Microsoft Office, Word, Excel, PowerPoint, and Visio. These patches resolve 14 issues, including remote code execution, spoofing, and information disclosure vulnerabilities.
Next are two patches for Adobe Acrobat and Reader that resolve code execution and security feature bypass vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 55 vulnerabilities, including elevation of privilege, denial of service, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, SMB, RRAS, UI XAML, Defender, Imaging Component, Brokering File System, Graphics Kernel, Kernel-mode Driver, Bluetooth Service, NFTS, and various others.
Lastly, administrators should focus on server-side patches for SQL Server, SharePoint, and Hyper-V that resolve eight issues, including remote code execution, elevation of privilege, and information disclosure vulnerabilities.
BULLETIN | CVE |
CVE-2025-9864, CVE-2025-9865, CVE-2025-9866, CVE-2025-9867, CVE-2025-53791 | |
CVE-2025-54905 | |
CVE-2025-54908 | |
CVE-2025-54910, CVE-2025-54906, CVE-2025-55243 | |
CVE-2025-54901, CVE-2025-54900, CVE-2025-54903, CVE-2025-54902, CVE-2025-54904, CVE-2025-54896, CVE-2025-54898, CVE-2025-54899 | |
CVE-2025-54907 | |
CVE-2025-54257, CVE-2025-54255 | |
CVE-2025-53799, CVE-2025-55245, CVE-2025-54105, CVE-2025-54915, CVE-2025-54104, CVE-2025-54109, CVE-2025-53810, CVE-2025-53808, CVE-2025-54094, CVE-2025-54099, CVE-2025-55317, CVE-2025-49734, CVE-2025-55223, CVE-2025-55236, CVE-2025-55226, CVE-2025-54093, CVE-2025-53800, CVE-2025-53807, CVE-2025-54919, CVE-2025-55228, CVE-2025-55224, CVE-2025-54110, CVE-2025-53803, CVE-2025-53804, CVE-2025-53809, CVE-2025-54894, CVE-2025-54103, CVE-2025-54918, CVE-2025-54895, CVE-2025-54101, CVE-2025-55242, CVE-2025-49692, CVE-2025-54108, CVE-2025-54111, CVE-2025-53798, CVE-2025-53797, CVE-2025-53796, CVE-2025-53806, CVE-2025-55225, CVE-2025-54097, CVE-2025-54096, CVE-2025-54095, CVE-2025-54113, CVE-2025-54106, CVE-2025-55234, CVE-2025-54114, CVE-2025-54102, CVE-2025-53802, CVE-2025-54112, CVE-2025-53801, CVE-2025-54912, CVE-2025-54911, CVE-2025-54116, CVE-2025-54917, CVE-2025-54107, CVE-2025-54913, CVE-2025-53805, CVE-2025-54916 | |
CVE-2025-54115, CVE-2025-54098, CVE-2025-54092, CVE-2025-54091 | |
CVE-2025-55227, CVE-2025-47997, CVE-2024-21907 | |
CVE-2025-54897 |
Strengthen your Security Posture
Mature beyond checkbox compliance and strengthen your security posture.
