High-Severity Vulnerabilities Patched by Ivanti and Zoom

High-Severity Vulnerabilities Patched by Ivanti and Zoom

Posted on By CWS

Enterprise software program suppliers Ivanti and Zoom on Tuesday introduced patches for a number of vulnerabilities of their merchandise, together with high-severity points that might result in arbitrary file writes and code execution.

Ivanti introduced fixes for 3 bugs in Ivanti Endpoint Supervisor (EMP) that might be abused by unauthenticated attackers for distant code execution, or by native attackers for privilege escalation.

Two of the issues, tracked as CVE-2025-9713 and CVE-2025-11622, had been disclosed in October, after Pattern Micro’s Zero Day Initiative (ZDI) dropped 13 unpatched EMP defects.

The 2 beforehand disclosed bugs are described as a path traversal and an insecure deserialization challenge. The third, CVE-2025-10918, is an insecure default permissions weak spot.

Ivanti says all EMP variations earlier than 2024 SU4 are affected by these vulnerabilities. Customers are suggested to replace their EMP deployments as quickly as potential.

“We’re not conscious of any clients being exploited by these vulnerabilities on the time of disclosure,” Ivanti notes in its advisory.

On Tuesday, Zoom revealed 9 advisories detailing three high-severity and 6 medium-severity bugs in its cellular and desktop shoppers.

The high-severity flaws, tracked as CVE-2025-62484, CVE-2025-64741, and CVE-2025-64740, might result in privilege escalation. The primary two have an effect on Zoom’s iOS and Android functions, whereas the third was recognized in Zoom Office VDI Shopper for Home windows.Commercial. Scroll to proceed studying.

5 of the newly resolved medium-severity points might result in data disclosure. They affect Zoom’s desktop functions for Linux, macOS, and Home windows.

The sixth is an XSS defect in Zoom Office and Assembly SDK for Home windows that may be exploited with out authentication, impacting software integrity.

Zoom makes no point out of any of those vulnerabilities being exploited within the wild.

Associated: Adobe Patches 29 Vulnerabilities

Associated: Microsoft Patches Actively Exploited Home windows Kernel Zero-Day

Associated: SAP Patches Vital Flaws in SQL Wherever Monitor, Answer Supervisor

Associated: QNAP Patches Vulnerabilities Exploited at Pwn2Own Eire

Security Week News Tags:, , , ,

Related Posts

Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector Destructive Russian Cyberattacks on Ukraine Expand to Grain Sector Security Week News
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco Security Week News
Organizations Warned of Exploited Meteobridge Vulnerability Organizations Warned of Exploited Meteobridge Vulnerability Security Week News
Korean Air Data Compromised in Oracle EBS Hack Korean Air Data Compromised in Oracle EBS Hack Security Week News
Google Revamps Bug Bounties as AI Transforms Security Google Revamps Bug Bounties as AI Transforms Security Security Week News
SAP Addresses Critical Vulnerabilities in S/4HANA SAP Addresses Critical Vulnerabilities in S/4HANA Security Week News