#security-patch

#security-patch

The update includes the November 2025 security patch level. The changelog mentions faster app launches from the Home screen, customizable widget names, the ability to resize the clock in Flux themes, widgets being draggable onto other widgets to stack them, automatic straightening being available when cropping and rotating portrait and architectural images in Photos, videos can be set as ringtones, improved virus scanning speed,

The vulnerability has been identified in ASP.NET Core versions 10.0, 9.0, 8.0, and the Kestrel package for 2.x. An attacker who is already authorized can bypass a security feature by exploiting inconsistent parsing of HTTP requests and responses. Microsoft states there are no known mitigating factors for the HTTP request/response smuggling scenario and strongly recommends patching to the listed fixed versions to prevent the security bypass.

Xiaomi recently rolled out the Android 16-based HyperOS 3 stable update for the Xiaomi 15T and 15T Pro's global units, and now it's the non-T model that's getting upgraded to HyperOS 3. The HyperOS 3 stable update for the global Xiaomi 15 is currently rolling out in some European countries for Mi Pilot members, but the rollout should expand to more regions soon.

SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions. According to SecurityBridge Threat Research Labs, which originally spotted and disclosed the vulnerability to SAP, the team "verified actual abuse of this vulnerability." It doesn't appear to be widespread (yet), but the consequences of this flaw are especially severe.

Many Pixel phone owners report significant battery drain after the May patch, with Google investigating the widespread issue affecting models from Pixel 6 onward.

Google's May 2025 Pixel Update addresses critical vulnerabilities, including one actively exploited, and enhances functionality across devices with numerous bug fixes and improvements.