October 2025 Release Notes
The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.
Last updated: October 6th, 2025
What’s New
Learn about new features across the Command Platform. These features were released over the past month and are available now:
Risk
Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.
Simplify compliance with risk-aware visibility
Cloud Security (InsightCloudSec) now offers a modernized Risk-Aware Compliance experience that makes it easier to identify and remediate misconfigurations in the cloud. This new interface provides a consistent, user-friendly view across compliance features, helping you quickly assess compliance posture and adopt new capabilities more effectively.
With this capability in Findings > Misconfigurations, you can:
- Benefit from significantly improved performance for faster risk analysis and compliance assessments.
- Easily detect misconfigured assets in relation to the compliance standards that matter most to your organization.
- Visualize exemption status to optimize workflows and reduce manual overhead.
- Leverage enhanced tag visibility to manage and organize cloud infrastructure more effectively.
Accelerate risk reduction with Remediation Hub
Starting in August 2025, all Vulnerability Management (InsightVM) customers gained access to Remediation Hub, a centralized workspace that delivers a prioritized list of high-impact remediation actions. Powered by our threat-aware Active Risk Score, Remediation Hub helps security teams focus on the changes that drive the greatest risk reduction.
With this capability in Response & Remediation > Remediation Hub, you can:
- Resolve large volumes of vulnerabilities at once by focusing on remediation solutions that address them in bulk.
- Rely on intelligent logic to identify the most effective fix and reduce duplicated effort.
- Direct remediation teams to the actions with the greatest security impact.
Smarter filters and deeper insights in Remediation Hub
Security teams often need to cut through noise, meet SLAs, and streamline patching across complex environments. With enhanced filtering and richer context in Remediation Hub, you can focus on the vulnerabilities that matter most, align remediation efforts with business priorities, and plan patches with greater confidence.
With this update in Response & Remediation > Remediation Hub, you can:
- Filter by CVSS score to see only remediations that address vulnerabilities meeting or exceeding your selected severity threshold.
- Filter by Active Risk score to quickly identify and prioritize vulnerabilities that present the most risk to your environment.
Threat
A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.
Enhance threat coverage with migrated detection rules
The SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 4 legacy rules as part of our ongoing effort to unify and strengthen your detection experience.
With these updates available in Detection Rules > Detection Rule Library, you can:
- Stay ahead of emerging threats – detect high-risk activities such as watched or admin-led password resets with new rules.
- Streamline rule management – view migrated User Behavior Analytics (UBA) rules in a unified Detection Library.
- Improve response efficiency – gain faster insight into potential threats with consistent rule access.
Migrated Legacy Rules:
- Account Visits Suspicious Link.
- Ingress from Community Threat.
- Network Access for Threat.
- Suspicious Process Hash Discovered.
Improvements and Fixes
Keep track of improvements and fixes to core technology.
Application Security (InsightAppSec) and AppSpider
No updates released at this time.
Cloud Security (InsightCloudSec)
Release availability for self-hosted users
Self-hosted users will be able to download 25.10.7 version on October 14th from the following locations:
- Terraform deployments: Public S3 bucket . Modules can be updated with the
terraform get -update
command. - Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery
Version 25.10.7
Software release date: October 7, 2025 | Release notes published: October 6, 2025
Improved
- Misconfigurations page is now in Phase 2 (Modern UI is default, revert option is available).
- Added support for AWS GovCloud in
ServiceEventBusHarvester
andServiceEventRuleHarvester
. - Enhanced secret detection with new regex pattern for identifying AWS API Keys within Environment Variables when searching for Secrets in Plaintext.
- Added support for the new AWS resource CodeDeploy Application with
CodeDeployApplicationHarvester
.- New permissions required:
codedeploy:ListApplications
codedeploy:GetApplication
- New permissions required:
- Enhanced
WebAppHarvest
harvester to properly handleAuthorizationFailed
errors by settinghttp20_enabled
value tonull
instead of defaulting toTrue
. - Updated User Management interface text from “Lock/Unlock” to “Suspend/Activate” for improved clarity.
- Updated Recommended Remediation steps for insights:
- Instance Containing Sensitive Information In User Data (AWS)
- Instance Containing Sensitive Information In User Data Outside of Autoscaling Group (AWS)
- Revised AWS onboarding script with enhanced features and additional configuration options.
Fixed
- Fixed Tag Explorer UI scoping issues that were affecting resource filtering.
- Hidden Actions and Reconfigure buttons on BotFactory page (Modern UI) for users with Read Only permissions.
- Resolved Layered Context click handler issues on Applications that were causing broken view states.
- Restored Badges Dropdown functionality in the Clouds tab within Resource Scope panel.
- Fixed Tag Explorer interaction issues with the Scopes panel that were preventing proper filtering operations.
BotFactory UI
Starting in October 2025, we will begin a gradual removal of the ‘Switch to Legacy UI’ toggle on the BotFactory page. For our self-hosted customers, this update is currently planned for the beginning of November.
Attention: There will be no release during the week of October 13. The next release will be on October 21, 2025.
Upcoming changes for 25.10.21
The following extensions will be removed from QF “Instance or Autoscaling Group Without a Vulnerability Assessment Extension Installed”:
- LinuxAgent.AzureSecurityCenter
- WindowsAgent.AzureSecurityCenter
The following extensions will be added:
- MDE.Linux
- MDE.Windows
Impact: As a result, the “Instance Without Vulnerability Assessment Extension” insight will no longer check for the deprecated extensions and will include the new MDE extensions. These changes may potentially affect the results of existing bots that rely on this Insight or Query Filter.
Reason for this change: Microsoft has deprecated “Enable vulnerability scanning with the integrated Qualys scanner”, making these extensions obsolete.
SIEM (InsightIDR)
No updates released at this time.
InsightVM
Vulnerability Management (InsightVM)
Version 8.23.0
Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025
Improved:
- Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
- A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
- Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
- Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.
Fixed:
- Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.
Nexpose
Version 8.23.0
Software release date: Oct 6, 2025 | Release notes published: Oct 3, 2025
Improved:
- Custom CSV reports now include a new data field for the Fully Qualified Domain Name (FQDN) of assets, providing enhanced clarity and traceability in exported asset data.
- A new column has been added to the Scan Engine section, allowing users to view and sort by Scan Engine ID for easier engine identification and management.
- Web application fingerprinting has been optimized to pause after 5 consecutive failed attempts, reducing scan duration for problematic assets. This behavior can be configured via a custom property.
- Updated API endpoints to further bolster stringent authentication protocols, enhancing overall security posture.
Fixed:
- Fixed an issue that impacted the reporting of adjusted Risk Scores, particularly where scores were modified based on criticality. Risk scores now reflect accurately across both UI and reports.
Digital Risk Protection (Threat Command)
No updates released at this time.