Fortinet and Ivanti on Tuesday introduced fixes for over a dozen vulnerabilities throughout their product portfolios, together with a number of high-severity flaws.
Ivanti launched a Workspace Management (IWC) replace to handle three high-severity bugs that would result in credential leaks.
Tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, the problems exist due to hardcoded keys in IWC variations 10.19.0.0 and prior, which may enable authenticated attackers to decrypt saved SQL credentials and atmosphere passwords.
“We aren’t conscious of any prospects being exploited by these vulnerabilities previous to public disclosure. These vulnerabilities have been disclosed by way of our accountable disclosure program,” the corporate notes.
Fortinet launched 14 patches on Tuesday, to handle one high- and 13 medium-severity safety defects.
The high-severity problem, tracked as CVE-2025-31104, is described as an OS command injection bug in FortiADC that would enable an authenticated attacker to execute arbitrary code utilizing crafted HTTP requests.
The corporate mounted medium-severity flaws in FortiOS, FortiClientEMS, FortiClient for Home windows, FortiPAM, FortiSRA, FortiSASE, FortiPortal, FortiProxy, and FortiWeb.
Attackers may exploit these points to carry out SSRF assaults, inject unauthorized periods, redirect VPN connections, entry unauthorized assets, entry SSL-VPN settings, view system data, log into the SSL-VPN portal, elevate privileges, add SSH key recordsdata on the system, carry out operations on behalf of a focused person, spoof the id of a downstream system, and join from FortiClient by way of revoked certificates.Commercial. Scroll to proceed studying.
Fortinet makes no point out of any of those vulnerabilities being exploited within the wild. Further data will be discovered on the corporate’s PSIRT advisories web page.
Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs
Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA
Associated: Crucial Vulnerability Patched in SAP NetWeaver
Associated: Over 30 Vulnerabilities Patched in Android
