Fortinet and Ivanti have each published new security advisories to inform customers about the vulnerabilities fixed with their August 2025 Patch Tuesday updates.
Fortinet has published 14 new advisories. The most important one, with a critical severity rating, describes CVE-2025-25256, a FortiSIEM flaw that allows an unauthenticated, remote attacker to execute arbitrary code or commands via specially crafted CLI requests.
Fortinet warned that a practical exploit for this vulnerability has been found in the wild. The company's phrasing suggests that the vulnerability has not been exploited for malicious purposes, but that a PoC exploit is public.
Two advisories have a high severity rating. One of them describes CVE-2025-52970, an authentication bypass affecting FortiWeb. It allows a remote attacker to log in as any existing user by leveraging a specially crafted request.
The second high-severity issue is CVE-2024-26009, which impacts FortiOS, FortiPAM, FortiProxy, and FortiSwitchManager.
Fortinet says the flaw can “allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number.”
The company has patched medium-severity vulnerabilities in FortiManager, FortiWeb, FortiOS, FortiProxy, FortiPAM, FortiADC, FortiSOAR, FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. Many of these security holes can allow arbitrary code execution.
Ivanti’s August 2025 Patch Tuesday updates are described by three advisories. One covers two high-severity authenticated remote code execution vulnerabilities in Ivanti Avalanche.
The second advisory describes a medium-severity issue in Ivanti Virtual Application Delivery Controller (vADC) that could allow a remote, authenticated attacker to reset admin passwords and take over the targeted account.
The third advisory is for Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. The products are affected by two high-severity flaws that can be exploited for remote, unauthenticated DoS attacks, and two medium-severity bugs that can be leveraged for DoS attacks and reading arbitrary files.
Ivanti said it’s not aware of any attacks exploiting these vulnerabilities.
However, it’s important that both Ivanti and Fortinet customers install the available patches as soon as possible because it is not uncommon for threat actors to exploit vulnerabilities found in their products.