diff --git a/src/current/_data/releases.yml b/src/current/_data/releases.yml
index 03f4ffbae77..935a6175da4 100644
--- a/src/current/_data/releases.yml
+++ b/src/current/_data/releases.yml
@@ -6544,3 +6544,31 @@
       CockroachDB Cloud clusters. To request to upgrade
       a CockroachDB self-hosted cluster to this version,
       [contact support](https://support.cockroachlabs.com/hc/requests/new).
+
+
+- release_name: v23.1.25
+  major_version: v23.1
+  release_date: '2024-08-15'
+  release_type: Production
+  go_version: go1.22.5
+  sha: e2f43c504ae49a71313add928f35c107774124d6
+  has_sql_only: true
+  has_sha256sum: true
+  mac:
+    mac_arm: true
+    mac_arm_experimental: true
+    mac_arm_limited_access: true
+  windows: true
+  linux:
+    linux_arm: true
+    linux_arm_experimental: false
+    linux_arm_limited_access: false
+    linux_intel_fips: true
+    linux_arm_fips: false
+  docker:
+    docker_image: cockroachdb/cockroach
+    docker_arm: true
+    docker_arm_experimental: false
+    docker_arm_limited_access: false
+  source: true
+  previous_release: v23.1.24
diff --git a/src/current/_includes/releases/v23.1/v23.1.25.md b/src/current/_includes/releases/v23.1/v23.1.25.md
new file mode 100644
index 00000000000..3d5d52bff01
--- /dev/null
+++ b/src/current/_includes/releases/v23.1/v23.1.25.md
@@ -0,0 +1,81 @@
+## v23.1.25
+
+Release Date: August 15, 2024
+
+{% include releases/new-release-downloads-docker-image.md release=include.release %}
+<h3 id="v23-1-25-security-updates">Security updates</h3>
+
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `BACKUP` - `RESTORE` - `CREATE SCHEDULE FOR BACKUP` - `ALTER BACKUP SCHEDULE` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `ALTER BACKUP` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `SHOW BACKUP` - `SHOW BACKUPS` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `CREATE CHANGEFEED` - `CREATE SCHEDULE FOR CHANGEFEED` - `ALTER CHANGEFEED SET sink` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `IMPORT` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `EXPORT` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `CREATE EXTERNAL CONNECTION` [#127537][#127537]
+- URLs in the following SQL statements are now sanitized of any secrets before being written to unredacted logs: - `COPY` [#127537][#127537]
+- The cluster setting `server.jwt_authentication.issuers` can now take multiple values to support various kinds of providers and their mapped JWKS URI. This can be set to one of the following values: 1. Simple string that Go can parse as a valid issuer URL. 2. String that can be parsed as valid JSON array of issuer URLs list. 3. String that can be parsed as valid JSON and deserialized into a map of issuer URLs to corresponding JWKS URIs. In the third case we will be overriding the JWKS URI present in the issuer's well-known endpoint. Example valid values: - 'https://accounts.google.com' - ['example.com/adfs','https://accounts.google.com'] - '{    "issuer_jwks_map": {        "https://accounts.google.com": "https://www.googleapis.com/oauth2/v3/certs",        "example.com/adfs": "https://example.com/adfs/discovery/keys"     }    }' When `issuer_jwks_map` is set, we directly use the JWKS URI to get the key set. In all other cases where JWKSAutoFetchEnabled is set we obtain the JWKS URI first from issuer's well-known endpoint and then use this endpoint. [#128751][#128751]
+
+<h3 id="v23-1-25-sql-language-changes">SQL language changes</h3>
+
+- Added the sql.auth.grant_option_inheritance.enabled cluster setting. The default value is true, which results in behavior that matches the existing behavior of CockroachDB. When set to false, then the GRANT OPTION is not inherited via role membership, which will prevent the descendant roles from being able to grant the privilege to others. The privilege itself is still inherited via role membership. [#126862][#126862]
+- Added the sql.auth.grant_option_for_owner.enabled cluster setting. The default value is true, which results in behavior that matches the existing behavior of CockroachDB. When set to false, then the GRANT OPTION is not implcitly given to the owner of an object. The object owner still implicitly has all privileges on the object, just not the ability to grant them to other users. [#127005][#127005]
+- Fix a bug in which the DISCARD statement was disallowed with `default_transaction_read_only = on`. [#127549][#127549]
+
+<h3 id="v23-1-25-db-console-changes">DB Console changes</h3>
+
+- The database details and table details pages in the cluster-ui now display the correct "stats last created" value. [#126415][#126415]
+- The databases and tables pages in the DB Console will show a loading state while loading information for databases and tables including size and range counts. [#127699][#127699]
+- In the DB details page, the table name will no longer appear with quotes around the schema and table name. [#127763][#127763]
+
+<h3 id="v23-1-25-bug-fixes">Bug fixes</h3>
+
+- DROP REGION can fail if any tables under a given database have indexes on expressions. [#126600][#126600]
+- Fixed bug where we restore a database with a composite type. [#126847][#126847]
+- Fixed postgres incompatibility bug when inputting public as user name for builtin functions such as has_database_privilege and has_schema_privilege. [#126853][#126853]
+- Previously, CockroachDB could incorrectly evaluate `IS NOT NULL` filter if it was applied to non-NULL tuples that had NULL elements (like `(1, NULL)` or `(NULL, NULL)`). The bug is present since 20.2 version and is now fixed. [#126942][#126942]
+- ALTER ROLE events in the DB Console event log now render correctly when the event does not contain any role options. [#126563][#126563]
+- Database overview and db details pages should not crash if the range information is not available. [#127090][#127090]
+- CREATE TABLE with index expressions could hit undefined column errors on transaction retries [#126200][#126200]
+- A bug has been fixed that caused a memory leak when executing SQL statements with comments, for example, `SELECT /* comment */ 1;`. Memory owned by a SQL session would continue to grow as these types of statements were executed. The memory would only be released when closing the SQL session. This bug has been present since version 23.1. [#127757][#127757]
+- Fixed a bug where CREATE INDEX IF NOT EXISTS would not correctly short-circuit if the given index already existed. [#128239][#128239]
+- Fixed a bug in overly eagier syntax validation, in which the DESCENDING clause was not allowed for non-terminal columns of an inverted index. Only the last column of an inverted index should be prevented from being DESCENDING, and this is properly checked now. [#128239][#128239]
+- Fixed a bug where an index could store a column in the primary index if that column had a mixed-case name. [#128239][#128239]
+- Fixed a memory leak that could occur when specifying a non-existent virtual cluster name in the connection string. [#128110][#128110]
+- Setting or dropping a default value on a computed column is now blocked -- even for null defaults. Previously, setting or dropping a default value on a computed column was a no-op. [#128468][#128468]
+
+<h3 id="v23-1-25-miscellaneous">Miscellaneous</h3>
+
+<h4 id="v23-1-25-changes-without-release-note-annotation">Changes without release note annotation</h4>
+
+- [#128586][#128586] [55db0b9a2][55db0b9a2] release-23.1.25-rc: Revert "cli: add fallback query support for debug zip"
+- [#127606][#127606] [82b0de2b9][82b0de2b9] Revert "cli: add fallback query support for debug zip"
+
+<h3 id="v23-1-25-doc-updates">Doc updates</h3>
+
+{% comment %}Docs team: Please add these manually.{% endcomment %}
+
+</div>
+
+[#126200]: https://github.com/cockroachdb/cockroach/pull/126200
+[#126415]: https://github.com/cockroachdb/cockroach/pull/126415
+[#126563]: https://github.com/cockroachdb/cockroach/pull/126563
+[#126600]: https://github.com/cockroachdb/cockroach/pull/126600
+[#126847]: https://github.com/cockroachdb/cockroach/pull/126847
+[#126853]: https://github.com/cockroachdb/cockroach/pull/126853
+[#126862]: https://github.com/cockroachdb/cockroach/pull/126862
+[#126942]: https://github.com/cockroachdb/cockroach/pull/126942
+[#127005]: https://github.com/cockroachdb/cockroach/pull/127005
+[#127090]: https://github.com/cockroachdb/cockroach/pull/127090
+[#127537]: https://github.com/cockroachdb/cockroach/pull/127537
+[#127549]: https://github.com/cockroachdb/cockroach/pull/127549
+[#127606]: https://github.com/cockroachdb/cockroach/pull/127606
+[#127699]: https://github.com/cockroachdb/cockroach/pull/127699
+[#127757]: https://github.com/cockroachdb/cockroach/pull/127757
+[#127763]: https://github.com/cockroachdb/cockroach/pull/127763
+[#128110]: https://github.com/cockroachdb/cockroach/pull/128110
+[#128239]: https://github.com/cockroachdb/cockroach/pull/128239
+[#128468]: https://github.com/cockroachdb/cockroach/pull/128468
+[#128586]: https://github.com/cockroachdb/cockroach/pull/128586
+[#128751]: https://github.com/cockroachdb/cockroach/pull/128751
+[55db0b9a2]: https://github.com/cockroachdb/cockroach/commit/55db0b9a2
+[82b0de2b9]: https://github.com/cockroachdb/cockroach/commit/82b0de2b9