High-Severity Vulnerabilities Patched by Ivanti and Zoom

Posted on By CWS

Enterprise software program suppliers Ivanti and Zoom on Tuesday introduced patches for a number of vulnerabilities of their merchandise, together with high-severity points that might result in arbitrary file writes and code execution.

Ivanti introduced fixes for 3 bugs in Ivanti Endpoint Supervisor (EMP) that might be abused by unauthenticated attackers for distant code execution, or by native attackers for privilege escalation.

Two of the issues, tracked as CVE-2025-9713 and CVE-2025-11622, had been disclosed in October, after Pattern Micro’s Zero Day Initiative (ZDI) dropped 13 unpatched EMP defects.

The 2 beforehand disclosed bugs are described as a path traversal and an insecure deserialization challenge. The third, CVE-2025-10918, is an insecure default permissions weak spot.

Ivanti says all EMP variations earlier than 2024 SU4 are affected by these vulnerabilities. Customers are suggested to replace their EMP deployments as quickly as potential.

“We’re not conscious of any clients being exploited by these vulnerabilities on the time of disclosure,” Ivanti notes in its advisory.

On Tuesday, Zoom revealed 9 advisories detailing three high-severity and 6 medium-severity bugs in its cellular and desktop shoppers.

The high-severity flaws, tracked as CVE-2025-62484, CVE-2025-64741, and CVE-2025-64740, might result in privilege escalation. The primary two have an effect on Zoom’s iOS and Android functions, whereas the third was recognized in Zoom Office VDI Shopper for Home windows.Commercial. Scroll to proceed studying.

5 of the newly resolved medium-severity points might result in data disclosure. They affect Zoom’s desktop functions for Linux, macOS, and Home windows.

The sixth is an XSS defect in Zoom Office and Assembly SDK for Home windows that may be exploited with out authentication, impacting software integrity.

Zoom makes no point out of any of those vulnerabilities being exploited within the wild.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Microsoft Patches Actively Exploited Home windows Kernel Zero-Day

Associated: SAP Patches Vital Flaws in SQL Wherever Monitor, Answer Supervisor

Associated: QNAP Patches Vulnerabilities Exploited at Pwn2Own Eire

Security Week News Tags:, , , ,

Related Posts

UK Student Sentenced to Prison for Selling Phishing Kits Security Week News
Docker Desktop Vulnerability Leads to Host Compromise Security Week News
In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution Security Week News
Mycroft Raises $3.5 Million for AI-Powered Security and Compliance Platform Security Week News
Senator Urges FTC Probe of Microsoft Over Security Failures Security Week News
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors Security Week News