Tufin has officially released TOS R25-2. It's the second and final version of the Tufin Orchestration Suite of 2025. 
TOS R25-2 is available as GA and can be downloaded from the Tufin Portal (authentication required).
Some improvements of TOS R25-2:

Change Monitoring, Automation, and Orchestration

• SecureTrack
  Legacy reports in SecureTrack now use a 64-bit process, delivering better performance esp. for devices with a large number of rules and objects
  
  
• SecureTrack
  A Rule Optimizer allows to deliver hints how to tighten the rule base, based on real-time traffic logs, for AWS, Azure NSGs and Zscaler ZIA
  
  
• SecureTrack
  The Topology Map now supports generic policy-based routing (PBR) in the Path Analysis. PBR rules of monitored devices can be defined, edited, monitored and mapped. 
  
  
• SecureChange
  The Rule Recertification Workflow has got some improvements, including a better UI and certification history
  
  
• SecureChange
  The Designer now has a new interface for Access Requests involving changes on OPM devices, Azure NSGs, Azure firewalls, Zscaler ZIA, Huawei, Versa and others
  
  

Devices and Platforms

• TufinOS
  TufinOS is now available as an Amazon Machine Image (AMI) in the AWS Marketplace
  
  
• Azure
  Starting with R25-2 PHF1, Microsoft Azure Subscriptions for a given Tenant can be onboarded very simple, allowing Azure Subscriptions to be managed and monitored in an easy way
  
  
• Azure
  Starting with R25-2 PHF2, Azure VNET is going to be imported automatically, enabled for individual subscriptions
  
  
• Azure and OPM devices
  Change automation is possible for access requests involving Azure NSGs and OPM devices
  
  
• AWS
  Management of AWS accounts at organizational level is possible now, also automatically
  
  
• Cisco
  Cisco ACI endpoint security groups (ESGs) are supported now in object and contract comparisons, change tracking, and ESG-based path analysis in the Topology Map
  
  
• Cisco
  For Cisco FMC Tos now takes AppID and URL category into account, improving also path analysis
  
  
• Cloud
  Checking compliance with USPs is now also possible for AWS, GCP and Azure network security groups installed on a NIC
  
  
• Palo Alto
  Palo Alto Networks external dynamic lists (PAN EDLs) are supported now, alloing e.g. filtering by IP in the Rule Viewer
  
  
• Zscaler
  Zscaler ZIA is now integrated into SecureChange, allowing automatic Target selection in Access Requests as well as Risk Analysis and the use of Designer and Verifier
  
  

Administration

• Installation 
  When installing TufinOS on VMware ESXi, the disk setup considers the separation of ETCD as part of the configuration workflow
  
  
• Updates
  When installing a patch, from now on it isn't necessarily the complete package that is installed. Tufin has optimized TOS for being able to receive (smaller) hotfixes also
  
  
• Remote Collector
  From now on, Remote Collectors automatically recover after disaster recovery switchover and restore of the central cluster
  
  

Further improvements, as well as corrections, are included in R25-2.
The latest version of the Tufin Orchestration Suite can be found at the Tufin Portal: https://portal.tufin.com