The latest interim release of Ubuntu comes with compatibility enhancements at the silicon level, accessibility upgrades and a robust security posture that sets the stage for the next LTS.
October 9, 2025
Today Canonical announced the release of Ubuntu 25.10, codenamed “Questing Quokka,” available to download and install from ubuntu.com/download.
Alongside GNOME 49 and new default applications such as the Ptyxis terminal emulator and the Loupe image viewer, Ubuntu 25.10 introduces notable platform upgrades, from improved Bluetooth audio handling to expanded support for confidential computing features. Ubuntu 25.10 is the first to benefit from memory-safe implementations of “coreutils” and “sudo-rs,” as well as improvements in TPM-backed full disk encryption and support for nested virtualization on Arm.
Ubuntu 25.10 is a statement of intent for the next Ubuntu LTS in 2026. Canonical continues to deliver a resilient, performant Linux operating system trusted by individuals and enterprises alike, from makers and developers to Fortune 500 companies, across hardware from IoT devices to modern datacenters. I’m particularly pleased with the progress on memory-safe utilities, and the enhancements to our TPM-backed full disk encryption.
Jon Seager, VP of Ubuntu Engineering at Canonical
This Ubuntu release is also the first to coincide with a new format of the Ubuntu Summit, where viewers around the world can learn about the latest developments in Ubuntu and open source.
GNOME 49 and accessibility enhancements
Ubuntu 25.10 features GNOME 49. This update introduces media and power controls on the lock screen, improved accessibility and HDR brightness settings. Users will also find two new applications: Loupe, a modern image viewer, and Ptyxis, a new terminal emulator. These additions are part of a broader effort to modernize Ubuntu’s application set. Selecting the “install restricted extras” option in the installer will now enable support for more Bluetooth codecs (AAC) and enable hardware accelerated screen recording in GNOME, further improving performance.
In line with the European Accessibility Act (EAA), Canonical continues its long-standing effort to make Linux easy for everyone to use. Ubuntu’s App Center and Settings panels come with better support for high contrast mode, keyboard navigation, and screen reading. The login screen also introduces a more prominent accessibility menu, making assistive technologies easier to access from the start.
Next-generation toolchains bolster the developer experience
Ubuntu 25.10 ships with OpenJDK 25, the latest version of Java, and the latest upstream versions for Python (3.14 RC3), Golang (1.25), and GCC (15). Rust 1.85 will be the default, and 1.88 is also available. A preview of the new Zig language compiler is available in this release for amd64 and arm64.
In addition, this release includes a preview of .NET 10, which is the upcoming .NET LTS due for release in November.
Canonical continues to improve the .NET developer experience on Ubuntu with an enhanced .NET Snapcraft plugin to improve support for monorepo setups, delivering better developer experience with MSBuild through custom flag attributes. In addition, the popular tools from Powershell on Windows are now available in Ubuntu on arm64, ppc64el and s390x platforms through the Powershell snap.
Rust-based implementations of sudo and coreutils for improved memory safety
Canonical is committed to increase the resilience of critical system software in Ubuntu by adopting modern implementations of key components like sudo and coreutils. As part of this initiative, Ubuntu 25.10 uses sudo-rs, a new Rust implementation of the sudo tool. While the Rust-based sudo is the default in this new release, the traditional sudo tool is still available for users who need it.
The introduction of a memory-safe sudo delivers many benefits compared to the traditional implementation. For users, a reduced attack surface in the sudo tool will improve Ubuntu’s overall security posture. Canonical welcomes users to test the tool and provide feedback ahead of its inclusion in the upcoming Ubuntu 26.04 LTS.
“At Trifecta Tech Foundation, we aim to make essential building blocks like sudo more secure and robust for everyone,” said Erik Jonkers, Chair at Trifecta Tech Foundation. “Seeing sudo-rs landing in Ubuntu is a huge achievement we’re very excited about. We applaud Canonical for pushing for memory safety and thank them for the collaboration over the past months to get sudo-rs ready for the 25.10 release. We’re confident that by working together and taking in feedback, we can make this a seamless shift that will improve security for Ubuntu’s users.”
Similarly, Ubuntu 25.10 is the first major Linux distribution release to adopt uutils‘ implementation of coreutils, which is a ground up reimplementation of the traditional GNU coreutils package in Rust with like-for-like compatibility and memory safety as key goals.
Platform security improvements with TPM-backed FDE
Ubuntu 25.10 offers experimental support for TPM-backed Full Disk Encryption (FDE), providing a way to ensure all content on the disk is encrypted and inaccessible at rest. A TPM, or Trusted Platform Module is a chip found in most modern computers.
TPM-backed FDE is a security method that uses the Trusted Platform Module to store cryptographic keys to encrypt the hard drive, making data unreadable without the correct key at boot time. New features include passphrase support and management, regeneration of the recovery key and better integration with firmware updates, alongside stabilization of the core components of the system to pave the way for the next Ubuntu LTS release. Security-focused users can test this FDE implementation in 25.10, but it’s not yet recommended for production environments.
Following the initial inclusion of Network Time Security (NTS) in Ubuntu 25.04, Questing Quokka ships with NTS enabled by default. NTS enhances Network Time Protocol (NTP) security by providing a cryptographic layer of authentication for the time synchronization process. This increases resilience against man-in-the-middle attacks and similar types of security risks. NTS uses Transport Layer Security (TLS) to ensure that time data comes from a trusted source.
Linux kernel 6.17 delivers nested virtualization and enhanced confidential workloads
In line with Canonical’s commitment to enable the latest features and hardware support, Ubuntu 25.10 ships with the latest Linux kernel, version 6.17.
Ubuntu 25.10 brings early access to the nested virtualization feature on Arm, following its inclusion in the upstream Linux kernel. Nested virtualization allows cloud providers and developers to run hypervisors inside virtual machines, enabling advanced CI/CD pipelines, flexible testing environments, and stronger workload isolation. Ubuntu 25.10 introduces support of this technology on platforms like NVIDIA Grace and AmpereOne, paving the way for broader use and maturity of nested virtualization on Arm.
As cloud infrastructure becomes more dynamic, the ability to run securely nested workloads is essential to scaling services efficiently while maintaining strong isolation and operational flexibility. With Ubuntu 25.10 enabling nested virtualization on Arm-based platforms both in the cloud and on-premises, developers and operators can advance development and deployment of this powerful capability. Together with Canonical, we’re accelerating the adoption of secure, scalable Arm-based cloud solutions.
Bhumik Patel, Director, Server Ecosystem Development, Infrastructure Business, Arm
This latest interim release of Ubuntu also lays the foundation for native support of Intel TDX with Ubuntu 26.04 LTS as the host operating system. Intel TDX is a technology that creates hardware-isolated virtual machines for confidential computing, making it ideal to support data clean rooms and confidential AI workloads. Ubuntu 25.10 kernels will ship with Intel TDX host support, enabling enterprises to run and receive support for confidential computing on their data centers or private clouds.
New RVA23 profile for accelerated RISC-V adoption
With Ubuntu 25.10, Canonical is adopting the recently ratified RVA23 as the baseline profile for its RISC-V builds. RVA23 helps accelerate the growth of the RISC-V ecosystem ensuring compatibility across RISC-V implementations. This early move aligns Ubuntu with RVA23-class solutions reaching the market, and enables early rigorous testing, bug fixing and issue triage. This effort enables RVA23 readiness in Ubuntu 26.04 LTS and provides the RISC-V ecosystem with a predictable roadmap and target.
RISC-V International is excited to see Canonical adopting the RVA23 profile for Ubuntu. RVA23 was ratified to help accelerate widespread implementation of RISC-V among toolchains and operating systems, set the base for high performing modern application processors with support for vectors and hypervisors, and ensure binary compatibility at the application level. Our collaboration with Canonical strengthens the RISC-V software ecosystem and advances the adoption of RISC-V in enterprise applications from IoT to HPC.
Andrea Gallo, CEO of RISC-V International
Readers can tune into the Ubuntu Summit on October 23-24 for a behind-the-scenes look at RVA23 advancements.
Next steps
About Canonical
Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone.
Learn more at canonical.com
Discover more from Ubuntu-Server.com
Subscribe to get the latest posts sent to your email.
