Fortinet, Ivanti Patch High-Severity Vulnerabilities

Posted on By CWS

Fortinet and Ivanti on Tuesday introduced fixes for over a dozen vulnerabilities throughout their product portfolios, together with a number of high-severity flaws.

Ivanti launched a Workspace Management (IWC) replace to handle three high-severity bugs that would result in credential leaks.

Tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, the problems exist due to hardcoded keys in IWC variations 10.19.0.0 and prior, which may enable authenticated attackers to decrypt saved SQL credentials and atmosphere passwords.

“We aren’t conscious of any prospects being exploited by these vulnerabilities previous to public disclosure. These vulnerabilities have been disclosed by way of our accountable disclosure program,” the corporate notes.

Fortinet launched 14 patches on Tuesday, to handle one high- and 13 medium-severity safety defects.

The high-severity problem, tracked as CVE-2025-31104, is described as an OS command injection bug in FortiADC that would enable an authenticated attacker to execute arbitrary code utilizing crafted HTTP requests.

The corporate mounted medium-severity flaws in FortiOS, FortiClientEMS, FortiClient for Home windows, FortiPAM, FortiSRA, FortiSASE, FortiPortal, FortiProxy, and FortiWeb.

Attackers may exploit these points to carry out SSRF assaults, inject unauthorized periods, redirect VPN connections, entry unauthorized assets, entry SSL-VPN settings, view system data, log into the SSL-VPN portal, elevate privileges, add SSH key recordsdata on the system, carry out operations on behalf of a focused person, spoof the id of a downstream system, and join from FortiClient by way of revoked certificates.Commercial. Scroll to proceed studying.

Fortinet makes no point out of any of those vulnerabilities being exploited within the wild. Further data will be discovered on the corporate’s PSIRT advisories web page.

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Associated: Crucial Vulnerability Patched in SAP NetWeaver

Associated: Over 30 Vulnerabilities Patched in Android

Security Week News Tags:, , , ,

Related Posts

Several Vulnerabilities Patched in AI Code Editor Cursor  Security Week News
SAP Patches Another Critical NetWeaver Vulnerability Security Week News
Cisco’s Quantum Bet: Linking Small Machines Into One Giant Quantum Computer Security Week News
Princeton University Data Breach Impacts Alumni, Students, Employees Security Week News
Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black Security Week News
Canada Gives Hikvision the Boot on National Security Grounds Security Week News