
Mondoo Release Highlights September 2025

As the colors of fall begin to show and the days start to get shorter, we certainly haven’t been sitting still at Mondoo. This month, we greatly extended our vulnerability detection capabilities, adding support for new operating systems and an impressive list of third-party applications. We also added support for the EU and German compliance frameworks DORA and BSI SYS 1.5. On top of that, we added experimental MCP security, streamlined the process of listing and filtering findings, and made advisory remediations easier to access. Dig in to find out more!

New and enhanced OS vulnerability detections

Mondoo now supports the latest Linux distributions with support for Fedora 42, Raspbian 13, Ubuntu 25.04, RHEL Extended Update Support (EUS), and Enhanced Extended Update Support (E4S). Detection of vulnerabilities on Windows systems has been improved with support for Microsoft Exchange SU updates and improved .NET Framework detection, ensuring Mondoo always recognizes the latest features, packages, and updates installed on your systems.

Expanded vulnerability detection for third-party applications

Third-party application vulnerability scanning is vital because any security vulnerabilities in these applications can be an entry point for bad actors. That’s why we’re excited to share that we’ve greatly expanded coverage for common third-party applications found on both servers and employee workstations. In addition to covering common applications such as Firefox, Chrome, Edge, Nginx, and Exchange Server, Mondoo now also detects vulnerabilities in the following applications:

  • Bitwarden
  • Cisco Webex
  • Docker Desktop
  • FortiClient
  • GitHub Desktop App
  • LibreOffice
  • TeamViewer
  • VMware Tools
  • Notepad++
  • Firefox ESR releases on macOS
  • 7zip
  • Ollama
  • JetBrains IDEs
  • Oracle JDK on Windows
  • Adobe products with Adobe advisories such as Acrobat Reader, Photoshop, InDesign, and Illustrator

Mondoo detected a vulnerability in Adobe Acrobat

Model Context Protocol (MCP) security

MCP is powerful in that it allows AI agents to autonomously interact with external tools and data. However, if not properly secured, it can introduce significant risks like prompt injection, data breaches, and the execution of unauthorized commands by malicious actors.

That is why we’ve now added new experimental MCP security capabilities using cnquery’s AI provider and our new Mondoo Model Context Protocol (MCP) security policy. Stay tuned for more updates while we build out this functionality.

Mondoo discovers MCP servers and highlights security vulnerabilities

Support for BSI SYS 1.5 and DORA compliance frameworks 

In September we added support for two important frameworks in Germany and the EU:

BSI SYS 1.5 Virtualisierung

BSI SYS.1.5 Virtualisierung refers to a specific requirement within the BSI IT-Grundschutz (German Federal Office for Information Security baseline protection) standard that deals with the security requirements and implementation of virtualized systems. It is mandatory for German Federal government agencies and Operators of Critical Infrastructures (KRITIS). For private companies and other organizations, adopting IT-Grundschutz is voluntary but strongly recommended. Mondoo now includes out-of-the-box policies that check for compliance with BSI SYS 1.5.

Digital Operational Resilience Act (DORA)

DORA is a comprehensive European Union (EU) regulation that mandates all financial entities operating in the EU to enhance their digital operational resilience and cybersecurity. It introduces a harmonized approach to risk management, incident reporting, testing, and oversight of third-party technology providers across the EU's financial sector, with the goal of preventing and recovering from significant digital disruptions. Mondoo now

Mondoo checks for DORA compliance using out-of-the-box policies

Track findings, no matter what type

A Mondoo finding is now a finding, no matter what type of finding it is. This eliminates the need for dedicated vulnerabilities, advisories, and checks tabs on assets, as we simply show the findings for the asset. New filtering by type still allows users to dive into specific types of findings if they need to.

All findings on an asset are now listed in the Findings tab

Quick access to CVE remediations

When a CVE doesn’t include remediation data, but the vendor advisory does, we now directly show the remediation information on the CVE finding page. In the past we included a link to the advisory from the CVE page, but that required some awkward extra clicks and was overall funky at best. Now the necessary remediation is directly available in the Mondoo remediation section.

Mondoo now makes guided remediation from advisories easily accessible


Mondoo v12

This month we’re excited to announce that we’ve implemented the next major release of Mondoo: version 12.0. This version includes some major scanning improvements, providing even deeper visibility into your environment, as well as cnspec usability improvements.

Cloud resource discovery by default

Gain deeper visibility and control over your cloud environments with enhanced resource discovery by default. Command line scans now automatically enumerate individual cloud resources, matching the comprehensive asset discovery previously exclusive to platform integrations. Instead of seeing a single asset for your cloud account, you now get detailed insights into each resource, making it easier to pinpoint issues, create precise exceptions, and accelerate remediation with clearer query results.

For those running in GCP, we’ve also added five new platforms to make scan results easier to view and remediate:

  • gcp-sql-mysql
  • gcp-sql-postgresql
  • gcp-sql-sqlserver
  • gcp-dns-zone
  • gcp-kms-keyring

Simplified command line output

Focus on what matters with simpler command line output by default. cnspec now skips data queries and compliance framework results by default so you can focus on vulnerabilities and misconfigurations. Output now also uses the same 0-100 scoring threshold displayed in the console, so results match no matter where you view your scans.

Improved Terraform resource querying

This update streamlines how you query Terraform resources, making it easier to access the data you need. Instead of complex filtering, you can now directly reference resources by type or name, reducing query complexity and improving readability.

For example, with this simple HCL file:

resource "aws_instance" "example-1" {
 ami           = "ami-a1b2c3d4"
 instance_type = "t2.micro"
}

resource "aws_instance" "example-2" {
 ami           = "ami-a1b2c3d4"
 instance_type = "t2.micro"
}

You can now find the right resources with simpler one-line queries:

# return all the "aws_instance" resources:
terraform.resources("aws_instance")

# return a specific resource by name:
terraform.resources("aws_instance", "example-1")

# return resources via a regular expression:
terraform.resources(/aws_/)

# return resources by type and name with a combination of strings and regular expressions:
terraform.resources("aws_instance", /example-[0-9]+/)
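To make the selection rules concrete, the following Python model (an added example, not Mondoo or cnspec code) runs the four queries above against the sample HCL file and feeds the selection into a simple allow-list check. It assumes string selectors match a label exactly and regular expressions match anywhere in the label; `parse_resources`, `resources` and `unapproved` are hypothetical helpers that handle only flat blocks with quoted string arguments.

```python
import re

# Constructed input: the two-resource HCL file from this section.
HCL = '''
resource "aws_instance" "example-1" {
 ami           = "ami-a1b2c3d4"
 instance_type = "t2.micro"
}

resource "aws_instance" "example-2" {
 ami           = "ami-a1b2c3d4"
 instance_type = "t2.micro"
}
'''

BLOCK = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ARG = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', re.M)


def parse_resources(hcl):
    """Hypothetical minimal parser: flat blocks with quoted string arguments."""
    return [{"type": t, "name": n, "arguments": dict(ARG.findall(body))}
            for t, n, body in BLOCK.findall(hcl)]


def matches(selector, label):
    """Assumed semantics: str must equal the label, regex may match anywhere."""
    if selector is None:
        return True
    if isinstance(selector, re.Pattern):
        return selector.search(label) is not None
    return selector == label


def resources(hcl, type_sel=None, name_sel=None):
    """Model of terraform.resources(type, name) over the parsed blocks."""
    return [r for r in parse_resources(hcl)
            if matches(type_sel, r["type"]) and matches(name_sel, r["name"])]


def unapproved(found, argument, allowed):
    """Names of selected resources whose argument is missing or not allowed."""
    return [r["name"] for r in found
            if r["arguments"].get(argument) not in allowed]


if __name__ == "__main__":
    picked = resources(HCL, "aws_instance", re.compile(r"example-[0-9]+"))
    print([r["name"] for r in picked])
    print(unapproved(picked, "instance_type", {"t3.micro"}))
```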

We’ve also removed a number of MQL resource fields that had previously been deprecated. All out-of-the-box policies have been updated for full v12 compatibility. Learn more about all changes in our “Mondoo 12.0 is out!” release notes.

New and updated policies and benchmarks 

Security guidance is changing at a blistering pace and at Mondoo we’re continuously updating policies to match the latest CIS recommendations. The updated policies include new checks to match the latest attack vectors and updated remediations to match vendor UI and CLI experiences.

Updated policies:

  • CIS VMware ESXi 8.0 Benchmark updated from 1.1 to 1.2
  • CIS AIX 7 Benchmark updated from 1.0 to 1.1
  • CIS Google Cloud Platform Foundation Benchmark updated from 3.0 to 4.0
  • CIS Apple macOS 14.0 Sonoma Benchmark updated from 2.0 to 2.1

New policies:

  • CIS Microsoft Azure Compute Services Benchmark 1.0
  • CIS Microsoft Azure Database Services Benchmark 1.0
  • CIS Cisco IOS XE 17.x Benchmark 2.2.1
  • CIS Cisco IOS XR 7.x Benchmark 3.0
  • CIS Microsoft Intune Windows 10 Benchmark 4.0
  • CIS Microsoft Intune Windows 11 Benchmark 4.0
  • VMware vSphere Security Configuration Guide 8 Benchmark

Scale secure deployments with Workload Identity Federation (WIF)

Workload Identity Federation (WIF) allows applications and services (workloads) to securely authenticate to cloud platforms and other services using short-lived tokens instead of managing long-lived credentials like API keys or passwords. This month we added WIF support for GitHub, Google Cloud, and Microsoft Entra ID, allowing you to easily deploy Mondoo to thousands of assets without the pain of credentials management. Implementing WIF also lowers the risk of leaked secrets since it uses temporary tokens.

Mondoo now includes the option to use Workload Identity Federation (WIF)

Stay on top of exceptions

This month we added further features to our exceptions, including improved filtering, email notifications, and more extensive user roles:

  • Filtering to better find exceptions: New filtering capabilities on the exceptions page allow you to quickly find the exceptions that need your attention with filtering on exception type, status, and expiration date.
  • Email notifications: Receive an email notification when an exception you created is going to expire in the next 72 hours or when an exception is created that requires your review.
  • Fine-grained control of user roles: Want exact control over what users can do in orgs and spaces? Now you have it with additional fine-grained roles that can be layered on top of the viewer role. Allow users to manage tickets or exceptions without giving them the ability to delete assets or upload policies. Your choice.

Mondoo now includes enhanced user roles and permissions

That’s a wrap for September. We’re already working on some great things for October, so be sure to check back next month!

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.
