Blog home
Releases

Mondoo Release Highlights October 2025

Tim Smith
Deborah Galea
November 4, 2025
5 min read

With October in the rearview mirror, we hope your Halloween was filled with more treats than tricks! This month at Mondoo we’ve been hard at work busting more of those tricky vulnerabilities for you. October’s update brings new detections for end-of-life operating systems, ensuring those ghostly legacy assets don’t haunt your security posture. We’ve also brewed up new and enhanced CIS benchmark policies, fresh vulnerability detections and remediations, a new ‘known ransomware use’ risk factor, and other powerful improvements to help you banish risk before it becomes a nightmare. Keep reading, if you dare, to uncover all the chillingly good details of our October release.

Expanded vulnerability detections and remediations

This month we delivered expanded vulnerability detections for Cisco IOS XR/XE, Ubuntu 25.10, and Fedora Linux 43, improved summaries for Red Hat, Microsoft, VS Code, and Amazon security advisories, and enhanced remediation guidance for Wireshark and Docker Desktop on Windows. And to make sure you always have the right information to prioritize findings, each CVE now includes vendor advisory information and links to additional vendor website details.

New risk factor: Known use in ransomware attacks

Ransomware attacks can leverage vulnerabilities in several phases of their operations, primarily for initial access, privilege escalation, and lateral movement. This allows them to bypass security controls, gain unauthorized access, and deploy their malicious payloads. If certain vulnerabilities are actively being used in ransomware attacks, it becomes even more critical to fix them as soon as possible. That’s why Mondoo now adds an additional risk factor to these CVEs, ‘Known Ransomware Use’, which automatically increases the risk score for the CVE.

If a CVE is known to be used in ransomware attacks, it’s shown as a risk factor

Extend the time limit for exceptions

Exceptions aren’t just a set it and forget it activity. Well-run teams should constantly reevaluate exceptions to make sure the risk is still acceptable and any workarounds are still functioning as expected. Mondoo now streamlines that evaluation flow with the possibility to extend exceptions.

When an exception is set, you can specify a time limit for it. When the exception is about to expire, the user will receive an email notification. In addition to removing the exception, they can now also request an extension for the exception.

Users can now request a time extension for the exception

Next, an extension justification is required, so others have visibility into the reasoning behind it.

Mondoo asks the reason for the exception extension

Mondoo also shows the complete history of each extension, so teams can track the full lifecycle and understand who requested and approved the extension, and why.

Exceptions in Mondoo show the full history of any extensions

CIS policy updates

Stay ahead of evolving threats by automatically checking if your policies comply with the latest CIS benchmarks. Our newest updates introduce dozens of new checks addressing today’s modern security challenges, along with hundreds of improvements for clearer guidance, requirements, and remediation steps.

New CIS benchmarks:

  • CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1
  • CIS Cisco IOS XE 17.x Benchmark v2.2.1 level 2
  • CIS Cisco IOS XR 7.x Benchmark v3.0 level 2

Updated CIS benchmarks:

  • CIS Amazon Web Services Foundation Benchmark v5.0 -> v6.0
  • CIS Microsoft Azure Compute Services Benchmark v1.0-> v2.0
  • CIS Microsoft Windows Server 2016 Benchmark v3.0 -> v4.0
  • CIS Microsoft Windows Server 2019 Benchmark v3.0.1 -> v4.0
  • CIS Microsoft Windows Server 2022 Benchmark v3.0 -> v4.0
  • CIS macOS 15.0 Sequoia Benchmark v1.0 -> v1.1

Find and fix the security risks that pose the biggest threat to your business.

Get started

Ready to leave your attackers in the dust?

Schedule a demo

Expanded EOL detection

RIP, end-of-life (EOL) operating systems for which no more security updates or patches will be released. Needless to say (but we will anyway), running an EOL operating system is risky because if a new zero-day appears, there will be no fix. Attackers will be well aware of this and won’t waste time in actively scanning for these systems to find a way in. 

The good news is that this month we added detection for the following EOL operating systems: 

  • Cisco IOS XR
  • Cisco IOS XE
  • Clear Linux
  • SUSE Micro OS
  • Fedora 43

Speaking of end-of-life operating systems, Windows 10 is now officially EOL. If you haven’t upgraded yet, check out our Windows 10 EOL guide to understand the risks of running unsupported systems.

Find and scan all sub-domains automatically

Keeping your organization’s domains secure can feel like a full-time job, especially as teams spin up new subdomains for projects. With automatic subdomain detection, you now have complete visibility into the security of your external properties. Configure a single scanning integration for your main domain, and Mondoo will automatically discover and scan every subdomain for you.

Mondoo now includes automatic subdomain detection

Support for all major operating systems

Seriously, all of them. We did a deep dive to make sure we support and detect vulnerabilities and policy violations in all the top Linux distributions potentially used on employee workstations, as well as all common container image platforms that may be running in K8s clusters.

Newly supported platforms in both cnquery and within the Mondoo console include flatcar, bottlerocket, and zorin, to name but a few. Platforms that were previously supported in cnquery and are now also displayed within the console when scanned include wolfi, parrot, talos, and many more.

Other updates

Finally, a round up of a number of miscellaneous improvements:

  • Improved detection of Apple hardware models
  • Improved filtering now better exposes available filter options
  • New filters on the assets page now allow you to view only selected platforms
  • Total asset counts are now included on organization tiles
  • Improved asset overview for Model Context Protocol (MCP) and FreeBSD assets
  • Configurable audit log retention for private instances

That’s a wrap for October! We have many more exciting updates and additions planned for November. Stay tuned!

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.

You might also like

AI
Five Key Takeaways from ESG Report ‘Automating Risk Reduction in the AI Era’
Deborah Galea
October 31, 2025
Remediation
2025 State of Vulnerability Remediation Report: Manual Processes and Low Confidence
Deborah Galea
October 21, 2025
Microsoft
Windows 10 EOL: Why 5% of Corporate Workloads Still Run It
Deborah Galea
October 15, 2025

Sign up to receive Mondoo news:

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.