Enterprise software program suppliers Ivanti and Zoom on Tuesday introduced patches for a number of vulnerabilities of their merchandise, together with high-severity points that might result in arbitrary file writes and code execution.
Ivanti introduced fixes for 3 bugs in Ivanti Endpoint Supervisor (EMP) that might be abused by unauthenticated attackers for distant code execution, or by native attackers for privilege escalation.
Two of the issues, tracked as CVE-2025-9713 and CVE-2025-11622, had been disclosed in October, after Pattern Micro’s Zero Day Initiative (ZDI) dropped 13 unpatched EMP defects.
The 2 beforehand disclosed bugs are described as a path traversal and an insecure deserialization challenge. The third, CVE-2025-10918, is an insecure default permissions weak spot.
Ivanti says all EMP variations earlier than 2024 SU4 are affected by these vulnerabilities. Customers are suggested to replace their EMP deployments as quickly as potential.
“We’re not conscious of any clients being exploited by these vulnerabilities on the time of disclosure,” Ivanti notes in its advisory.
On Tuesday, Zoom revealed 9 advisories detailing three high-severity and 6 medium-severity bugs in its cellular and desktop shoppers.
The high-severity flaws, tracked as CVE-2025-62484, CVE-2025-64741, and CVE-2025-64740, might result in privilege escalation. The primary two have an effect on Zoom’s iOS and Android functions, whereas the third was recognized in Zoom Office VDI Shopper for Home windows.Commercial. Scroll to proceed studying.
5 of the newly resolved medium-severity points might result in data disclosure. They affect Zoom’s desktop functions for Linux, macOS, and Home windows.
The sixth is an XSS defect in Zoom Office and Assembly SDK for Home windows that may be exploited with out authentication, impacting software integrity.
Zoom makes no point out of any of those vulnerabilities being exploited within the wild.
Associated: Adobe Patches 29 Vulnerabilities
Associated: Microsoft Patches Actively Exploited Home windows Kernel Zero-Day
Associated: SAP Patches Vital Flaws in SQL Wherever Monitor, Answer Supervisor
Associated: QNAP Patches Vulnerabilities Exploited at Pwn2Own Eire
