
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could lead to authentication bypass and code execution.
The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and stem from improper verification of cryptographic signatures. They are tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score: 9.8).
“Improper verification of cryptographic signature vulnerabilities [CWE-347] in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML message if that feature is enabled on the device,” Fortinet said in the advisory.
However, the company noted that FortiCloud SSO login is not enabled in the factory default settings. It becomes enabled when an administrator registers the device with FortiCare and, on the registration page, leaves the "Allow administrative login using FortiCloud SSO" toggle enabled (it is on unless the administrator turns it off).
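Because the setting is switched on as a side effect of FortiCare registration, an administrator may not know which devices have it enabled. The following is an added example, not Fortinet code, that audits a plain-text FortiOS configuration export for the admin-forticloud-sso-login setting named in the advisory's workaround and prints that workaround for exposed devices; the sample backups are constructed, and treating an absent setting as the factory default (disabled) is an assumption.

```python
import re

# Constructed sample backups (not real devices). The setting lives in the
# 'config system global' block of a 'show full-configuration' export.
SAMPLE_ENABLED = """\
config system global
    set hostname "fw-edge-01"
    set admin-forticloud-sso-login enable
    set admin-sport 443
end
config system interface
    edit "port1"
    next
end
"""
SAMPLE_ABSENT = """\
config system global
    set hostname "fw-lab-02"
end
"""

# The CLI workaround from the Fortinet advisory, emitted for exposed devices.
MITIGATION = "config system global\n    set admin-forticloud-sso-login disable\nend"

def global_block(config_text: str) -> str:
    """Return the body of the 'config system global' block, or '' if absent."""
    m = re.search(r"^config system global\n(.*?)^end\s*$", config_text, re.S | re.M)
    return m.group(1) if m else ""

def sso_login_state(config_text: str) -> str:
    """Return 'enable', 'disable', or 'unset' for admin-forticloud-sso-login."""
    m = re.search(r"^\s*set admin-forticloud-sso-login (enable|disable)\s*$",
                  global_block(config_text), re.M)
    return m.group(1) if m else "unset"

def assess(config_text: str) -> tuple:
    """Return (exposed, advice). An absent setting is treated as the factory
    default (disabled, per the advisory); this is an assumption, so the advice
    says to confirm the toggle in the GUI."""
    state = sso_login_state(config_text)
    if state == "enable":
        return True, "FortiCloud SSO login is enabled; until patched, apply:\n" + MITIGATION
    if state == "disable":
        return False, "FortiCloud SSO login is explicitly disabled."
    return False, "Setting absent; assumed factory default (disabled). Confirm in the GUI."

if __name__ == "__main__":
    for name, cfg in (("enabled", SAMPLE_ENABLED), ("absent", SAMPLE_ABSENT)):
        exposed, advice = assess(cfg)
        print(f"[{name}] exposed={exposed}\n{advice}\n")
```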

To temporarily protect systems from attacks exploiting these vulnerabilities, organizations are advised to disable the FortiCloud login feature (if enabled) until the update is applied. This can be done in two ways:
In the GUI, go to System > Settings and turn off the "Allow administrative login using FortiCloud SSO" toggle.
Alternatively, run the following commands in the CLI:
config system global
    set admin-forticloud-sso-login disable
end

Ivanti releases fix for critical EPM flaw
Ivanti has also released updates that address four security flaws in Endpoint Manager (EPM). One of them is a critical-severity bug in the EPM core and remote console, tracked as CVE-2025-10573 (CVSS score: 9.6).
“Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 could allow a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session,” Ivanti said.
According to Rapid7 security researcher Ryan Emmons, who discovered and reported the flaw on August 15, 2025, this flaw allows an attacker with unauthenticated access to the primary EPM web service to join a fake managed endpoint to the EPM server and poison an administrator’s web dashboard with malicious JavaScript.
“When an Ivanti EPM administrator views one of the compromised dashboard interfaces during normal use, that passive user interaction triggers client-side JavaScript execution, which allows the attacker to take control of the administrator’s session,” Emmons said.
The company said that user interaction is required to exploit the flaw, and that it is not aware of any active attacks. The issue is patched in EPM version 2024 SU4 SR1.
The same version also patches three other high-severity vulnerabilities (CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662) that could allow an unauthenticated, remote attacker to execute arbitrary code. CVE-2025-13662, like CVE-2025-59718 and CVE-2025-59719, is caused by improper validation of cryptographic signatures in the patch management component.

SAP fixes three critical flaws
Finally, SAP released its December security updates to address 14 vulnerabilities across multiple products, including three critical-severity flaws. They are listed below –
CVE-2025-42880 (CVSS score: 9.9) – Code injection vulnerability in SAP Solution Manager
CVE-2025-55754 (CVSS score: 9.6) – Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud
CVE-2025-42928 (CVSS score: 9.1) – Deserialization vulnerability in the SAP jConnect SDK for Sybase Adaptive Server Enterprise (ASE)
Boston-based SAP security company Onapsis has been credited with reporting CVE-2025-42880 and CVE-2025-42928. The company said it identified a remote-enabled function module in SAP Solution Manager that allows an authenticated attacker to inject arbitrary code.
“Given the central role of SAP Solution Manager in the SAP system environment, timely patching is highly recommended,” said Thomas Fritsch, security researcher at Onapsis.
CVE-2025-42928, on the other hand, allows remote code execution by providing specially crafted input to the SAP jConnect SDK component. However, successful exploitation requires elevated privileges.
Vulnerabilities in Fortinet, Ivanti, and SAP software are frequently exploited by malicious actors, so it is important that users apply the fixes quickly.
