October 9, 2025
Today Canonical announced the release of Ubuntu 25.10, codenamed “Questing Quokka,” available to download and install from ubuntu.com/download.
Alongside GNOME 49 and new default applications such as the Ptyxis terminal emulator and the Loupe image viewer, Ubuntu 25.10 introduces notable platform upgrades, from improved Bluetooth audio handling to expanded support for confidential computing features. Ubuntu 25.10 is the first to benefit from memory-safe implementations of “coreutils” and “sudo-rs,” as well as improvements in TPM-backed full disk encryption and support for nested virtualization on Arm.
Ubuntu 25.10 is a statement of intent for the next Ubuntu LTS in 2026. Canonical continues to deliver a resilient, performant Linux operating system trusted by individuals and enterprises alike, from makers and developers to Fortune 500 companies, across hardware from IoT devices to modern datacenters. I’m particularly pleased with the progress on memory-safe utilities, and the enhancements to our TPM-backed full disk encryption.
Jon Seager, VP of Ubuntu Engineering at Canonical
This Ubuntu release is also the first to coincide with a new format of the Ubuntu Summit, where viewers around the world can learn about the latest developments in Ubuntu and open source.
Ubuntu 25.10 features GNOME 49. This update introduces media and power controls on the lock screen, improved accessibility and HDR brightness settings. Users will also find two new applications: Loupe, a modern image viewer, and Ptyxis, a new terminal emulator. These additions are part of a broader effort to modernize Ubuntu’s application set. Selecting the “install restricted extras” option in the installer will now enable support for more Bluetooth codecs (AAC) and enable hardware accelerated screen recording in GNOME, further improving performance.
In line with the European Accessibility Act (EAA), Canonical continues its long-standing effort to make Linux easy for everyone to use. Ubuntu’s App Center and Settings panels come with better support for high contrast mode, keyboard navigation, and screen reading. The login screen also introduces a more prominent accessibility menu, making assistive technologies easier to access from the start.
Ubuntu 25.10 ships with OpenJDK 25, the latest version of Java, and the latest upstream versions for Python (3.14 RC3), Golang (1.25), and GCC (15). Rust 1.85 will be the default, and 1.88 is also available. A preview of the new Zig language compiler is available in this release for amd64 and arm64.
In addition, this release includes a preview of .NET 10, which is the upcoming .NET LTS due for release in November.
Canonical continues to improve the .NET developer experience on Ubuntu with an enhanced .NET Snapcraft plugin to improve support for monorepo setups, delivering better developer experience with MSBuild through custom flag attributes. In addition, the popular tools from Powershell on Windows are now available in Ubuntu on arm64, ppc64el and s390x platforms through the Powershell snap.
sudo and coreutils for improved memory safetyCanonical is committed to increase the resilience of critical system software in Ubuntu by adopting modern implementations of key components like sudo and coreutils. As part of this initiative, Ubuntu 25.10 uses sudo-rs, a new Rust implementation of the sudo tool. While the Rust-based sudo is the default in this new release, the traditional sudo tool is still available for users who need it.
The introduction of a memory-safe sudo delivers many benefits compared to the traditional implementation. For users, a reduced attack surface in the sudo tool will improve Ubuntu’s overall security posture. Canonical welcomes users to test the tool and provide feedback ahead of its inclusion in the upcoming Ubuntu 26.04 LTS.
“At Trifecta Tech Foundation, we aim to make essential building blocks like sudo more secure and robust for everyone,” said Erik Jonkers, Chair at Trifecta Tech Foundation. “Seeing sudo-rs landing in Ubuntu is a huge achievement we’re very excited about. We applaud Canonical for pushing for memory safety and thank them for the collaboration over the past months to get sudo-rs ready for the 25.10 release. We’re confident that by working together and taking in feedback, we can make this a seamless shift that will improve security for Ubuntu’s users.”
Similarly, Ubuntu 25.10 is the first major Linux distribution release to adopt uutils‘ implementation of coreutils, which is a ground up reimplementation of the traditional GNU coreutils package in Rust with like-for-like compatibility and memory safety as key goals.
Ubuntu 25.10 offers experimental support for TPM-backed Full Disk Encryption (FDE), providing a way to ensure all content on the disk is encrypted and inaccessible at rest. A TPM, or Trusted Platform Module is a chip found in most modern computers.
TPM-backed FDE is a security method that uses the Trusted Platform Module to store cryptographic keys to encrypt the hard drive, making data unreadable without the correct key at boot time. New features include passphrase support and management, regeneration of the recovery key and better integration with firmware updates, alongside stabilization of the core components of the system to pave the way for the next Ubuntu LTS release. Security-focused users can test this FDE implementation in 25.10, but it’s not yet recommended for production environments.
Following the initial inclusion of Network Time Security (NTS) in Ubuntu 25.04, Questing Quokka ships with NTS enabled by default. NTS enhances Network Time Protocol (NTP) security by providing a cryptographic layer of authentication for the time synchronization process. This increases resilience against man-in-the-middle attacks and similar types of security risks. NTS uses Transport Layer Security (TLS) to ensure that time data comes from a trusted source.
In line with Canonical’s commitment to enable the latest features and hardware support, Ubuntu 25.10 ships with the latest Linux kernel, version 6.17.
Ubuntu 25.10 brings early access to the nested virtualization feature on Arm, following its inclusion in the upstream Linux kernel. Nested virtualization allows cloud providers and developers to run hypervisors inside virtual machines, enabling advanced CI/CD pipelines, flexible testing environments, and stronger workload isolation. Ubuntu 25.10 introduces support of this technology on platforms like NVIDIA Grace and AmpereOne, paving the way for broader use and maturity of nested virtualization on Arm.
As cloud infrastructure becomes more dynamic, the ability to run securely nested workloads is essential to scaling services efficiently while maintaining strong isolation and operational flexibility. With Ubuntu 25.10 enabling nested virtualization on Arm-based platforms both in the cloud and on-premises, developers and operators can advance development and deployment of this powerful capability. Together with Canonical, we’re accelerating the adoption of secure, scalable Arm-based cloud solutions.
Bhumik Patel, Director, Server Ecosystem Development, Infrastructure Business, Arm
This latest interim release of Ubuntu also lays the foundation for native support of Intel TDX with Ubuntu 26.04 LTS as the host operating system. Intel TDX is a technology that creates hardware-isolated virtual machines for confidential computing, making it ideal to support data clean rooms and confidential AI workloads. Ubuntu 25.10 kernels will ship with Intel TDX host support, enabling enterprises to run and receive support for confidential computing on their data centers or private clouds.
With Ubuntu 25.10, Canonical is adopting the recently ratified RVA23 as the baseline profile for its RISC-V builds. RVA23 helps accelerate the growth of the RISC-V ecosystem ensuring compatibility across RISC-V implementations. This early move aligns Ubuntu with RVA23-class solutions reaching the market, and enables early rigorous testing, bug fixing and issue triage. This effort enables RVA23 readiness in Ubuntu 26.04 LTS and provides the RISC-V ecosystem with a predictable roadmap and target.
RISC-V International is excited to see Canonical adopting the RVA23 profile for Ubuntu. RVA23 was ratified to help accelerate widespread implementation of RISC-V among toolchains and operating systems, set the base for high performing modern application processors with support for vectors and hypervisors, and ensure binary compatibility at the application level. Our collaboration with Canonical strengthens the RISC-V software ecosystem and advances the adoption of RISC-V in enterprise applications from IoT to HPC.
Andrea Gallo, CEO of RISC-V International
Readers can tune into the Ubuntu Summit on October 23-24 for a behind-the-scenes look at RVA23 advancements.
Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone.
Learn more at canonical.com
Oracle Kubernetes Engine now supports Ubuntu images for worker nodes natively, with no need for…
Happy birthday, OpenStack! It’s astonishing how fast time flies – fifteen years already. Yet, here…
London has called, and the Ubuntu community has answered! This year, the Ubuntu Summit has…
Welcome to the Ubuntu Weekly Newsletter, Issue 912 for the week of September 28 –…
The certification demonstrates alignment with cybersecurity standards that will further safeguard open source products and…
We’re pleased to share a security enhancement for Ubuntu workloads on Microsoft Azure. In collaboration…