When looking at TrueNAS | Enterprise Security Responses (which is wonderful, BTW), I see that this particular CVE is fixed in 25.10.3.2. I tried every release channel, but they are all on either 25.10.3.1 or 26.04.beta.
I thought it was just a release issue but I don’t see it here either.
What is the hold up?
I guess you are trying to have more fixes in the release so what is the stance on high severity CVE?
25.10.3.2 isn’t released yet, and if I remember correctly from another post, someone from iX said that the next release will be 25.10.4, which will include the fix for the CVE and other fixes.
If you’re on the general release train you won’t see that update, because it will first appear in the early adopter update profile.
It should get released sometime next month.
Well, that’s exactly my point. It’s truly great to have the transparency of security.truenas.com, but what about CVE response time? When there are high severity CVEs, what should be the expected timeframe for getting a fix? As a community user I don’t really have any expectation, but I don’t think enterprise users have a different update channel.
Unfortunately it’s not like we can enable the Debian repository and get the fix from them, as the kernel is custom.
That’s why I was asking about iX policy in regards to security fixes.
What CVE(s) in particular are you concerned about? Did you read up on the nature of those CVEs? IIRC, the ones getting the biggest headlines are privilege escalations, meaning a user would already need TrueNAS (shell) access in order to elevate their privileges to root. Obviously that’s not particularly relevant for TrueNAS, since end users shouldn’t have that kind of access in the first place. So just because some CVE has a high severity doesn’t mean it’s necessarily a problem in a given scenario.
Looks like the web page was updated to say the fix is in 25.10.4. The below web page says 25.10.4 is available. Though as @LarsR said, it might not be visible yet, depending on the update profile selected.