Fortinet, Ivanti, and SAP have moved to handle vital security flaws of their merchandise that, if efficiently exploited, may end in an authentication bypass and code execution.
The Fortinet vulnerabilities have an effect on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They’re tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS scores: 9.8).
“An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager might enable an unauthenticated attacker to bypass the FortiCloud SSO login authentication through a crafted SAML message, if that characteristic is enabled on the gadget,” Fortinet mentioned in an advisory.
The corporate, nevertheless, famous that the FortiCloud SSO login characteristic just isn’t enabled within the default manufacturing unit settings. FortiCloud SSO login is enabled when an administrator registers the gadget to FortiCare and has not disabled the toggle “Enable administrative login utilizing FortiCloud SSO” within the registration web page.
To briefly shield their programs towards assaults exploiting these vulnerabilities, organizations are suggested to disable the FortiCloud login characteristic (if enabled) till it may be up to date. This may be completed in two methods –
- Go to System -> Settings -> Swap “Enable administrative login utilizing FortiCloud SSO” to Off
- Run the under command within the CLI –
config system international
set admin-forticloud-sso-login disable
finishIvanti Releases Repair for Vital EPM Flaw
Ivanti has additionally shipped updates to handle 4 security flaws in Endpoint Supervisor (EPM), one in every of which is a vital severity bug within the EPM core and distant consoles. The vulnerability, assigned the CVE identifier CVE-2025-10573, carries a CVSS rating of 9.6.
“Saved XSS in Ivanti Endpoint Supervisor previous to model 2024 SU4 SR1 permits a distant unauthenticated attacker to execute arbitrary JavaScript within the context of an administrator session,” Ivanti mentioned.
Rapid7 security researcher Ryan Emmons, who found and reported the shortcoming on August 15, 2025, mentioned it permits an attacker with unauthenticated entry to the first EPM internet service to affix pretend managed endpoints to the EPM server in order to poison the administrator internet dashboard with malicious JavaScript.
“When an Ivanti EPM administrator views one of many poisoned dashboard interfaces throughout regular utilization, that passive person interplay will set off client-side JavaScript execution, ensuing within the attacker gaining management of the administrator’s session,” Emmons mentioned.
The corporate famous that person interplay is required to take advantage of the flaw and that it isn’t conscious of any assaults within the wild. It has been patched in EPM model 2024 SU4 SR1.
Additionally patched in the identical model are three different high-severity vulnerabilities (CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662) that would enable a distant, unauthenticated attacker to attain arbitrary code execution. CVE-2025-13662, like within the case of CVE-2025-59718 and CVE-2025-59719, stems from improper verification of cryptographic signatures within the patch administration part.
SAP Fixes Three Vital Flaws
Lastly, SAP has pushed December security updates to handle 14 vulnerabilities throughout a number of merchandise, together with three critical-severity flaws. They’re listed under –
- CVE-2025-42880 (CVSS rating: 9.9) – A code injection vulnerability in SAP Resolution Supervisor
- CVE-2025-55754 (CVSS rating: 9.6) – A number of vulnerabilities in Apache Tomcat inside SAP Commerce Cloud
- CVE-2025-42928 (CVSS rating: 9.1) – A deserialization vulnerability in SAP jConnect SDK for Sybase Adaptive Server Enterprise (ASE)
Boston-based SAP security platform Onapsis has been credited with reporting CVE-2025-42880 and CVE-2025-42928. The corporate mentioned it recognized a remote-enabled operate module in SAP Resolution Supervisor that permits an authenticated attacker to inject arbitrary code.
“Given the central function of SAP Resolution Supervisor within the SAP system panorama, we strongly suggest a well timed patch,” Onapsis security researcher Thomas Fritsch mentioned.
CVE-2025-42928, alternatively, permits for distant code execution by offering specifically crafted enter to the SAP jConnect SDK part. Nonetheless, a profitable exploitation requires elevated privileges.
With security vulnerabilities in Fortinet, Ivanti, and SAP’s software program incessantly exploited by unhealthy actors, it is important that customers transfer rapidly to use the fixes.
