Fortinet, Ivanti Patch High-Severity Vulnerabilities

Fortinet, Ivanti Patch High-Severity Vulnerabilities

Posted on By CWS

Fortinet and Ivanti on Tuesday introduced fixes for over a dozen vulnerabilities throughout their product portfolios, together with a number of high-severity flaws.

Ivanti launched a Workspace Management (IWC) replace to handle three high-severity bugs that would result in credential leaks.

Tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, the problems exist due to hardcoded keys in IWC variations 10.19.0.0 and prior, which may enable authenticated attackers to decrypt saved SQL credentials and atmosphere passwords.

“We aren’t conscious of any prospects being exploited by these vulnerabilities previous to public disclosure. These vulnerabilities have been disclosed by way of our accountable disclosure program,” the corporate notes.

Fortinet launched 14 patches on Tuesday, to handle one high- and 13 medium-severity safety defects.

The high-severity problem, tracked as CVE-2025-31104, is described as an OS command injection bug in FortiADC that would enable an authenticated attacker to execute arbitrary code utilizing crafted HTTP requests.

The corporate mounted medium-severity flaws in FortiOS, FortiClientEMS, FortiClient for Home windows, FortiPAM, FortiSRA, FortiSASE, FortiPortal, FortiProxy, and FortiWeb.

Attackers may exploit these points to carry out SSRF assaults, inject unauthorized periods, redirect VPN connections, entry unauthorized assets, entry SSL-VPN settings, view system data, log into the SSL-VPN portal, elevate privileges, add SSH key recordsdata on the system, carry out operations on behalf of a focused person, spoof the id of a downstream system, and join from FortiClient by way of revoked certificates.Commercial. Scroll to proceed studying.

Fortinet makes no point out of any of those vulnerabilities being exploited within the wild. Further data will be discovered on the corporate’s PSIRT advisories web page.

Associated: Chrome, Firefox Updates Resolve Excessive-Severity Reminiscence Bugs

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Associated: Crucial Vulnerability Patched in SAP NetWeaver

Associated: Over 30 Vulnerabilities Patched in Android

Security Week News Tags:, , , ,

Related Posts

Oracle Issues Critical Patch for Identity Manager Security Flaw Oracle Issues Critical Patch for Identity Manager Security Flaw Security Week News
Organizations Warned of Exploited Git Vulnerability Organizations Warned of Exploited Git Vulnerability Security Week News
Critical Vulnerability Patched in SAP NetWeaver Critical Vulnerability Patched in SAP NetWeaver Security Week News
Canadian Airline WestJet Hit by Cyberattack Canadian Airline WestJet Hit by Cyberattack Security Week News
Password Managers at Risk: Vaults Susceptible to Attacks Password Managers at Risk: Vaults Susceptible to Attacks Security Week News
ChatGPT Tricked Into Solving CAPTCHAs ChatGPT Tricked Into Solving CAPTCHAs Security Week News