Fortinet, Ivanti And SAP Address Critical Vulnerabilities In Enterprise Software

Fortinet, Ivanti, and SAP have all released updates addressing critical security flaws in their products that, if exploited, could allow attackers to bypass authentication or execute arbitrary code. Fortinet disclosed two vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager, tracked as CVE-2025-59718 and CVE-2025-59719, each with a CVSS score of 9.8. Both are improper verification of cryptographic signature flaws: when FortiCloud SSO login is enabled, an unauthenticated attacker who can reach the management interface could bypass the SSO login with a crafted SAML message. Fortinet clarified that FortiCloud SSO is not active by default and must be manually enabled by administrators, typically during device registration, so the first step for any operator is to check whether the feature is on at all. Organizations that cannot patch immediately are advised to disable the FortiCloud SSO login toggle in the GUI or via the CLI until the updates are applied, and to keep the management interface off the public internet regardless.
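The two Fortinet CVEs are classified as improper verification of a cryptographic signature. The Go program below is an added illustration of one common way that weakness class shows up in SSO code, trusting the signing key that the message itself carries (the SAML equivalent is trusting KeyInfo in the response), beside the correct check against a key pinned at registration time. It is not Fortinet's code and does not reproduce the specific FortiOS defect, which the article does not detail; the `Assertion` and `Message` types, the `weakVerify`, `strictVerify` and `demo` functions, and the issuer name are all constructed for the example, and Ed25519 stands in for XML-DSig purely to keep it self-contained.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assertion stands in for the signed part of a SAML response (constructed).
type Assertion struct {
	Issuer  string
	Subject string
}

// Message is the SSO message as received by the service provider: the
// assertion, a signature over it, and the signer's public key as embedded
// in the message itself, the way SAML KeyInfo carries a certificate.
type Message struct {
	Assertion Assertion
	Signature []byte
	SignerKey ed25519.PublicKey
}

// bytes is the canonical form that gets signed (a NUL-separated join here;
// real SAML uses XML canonicalisation).
func (a Assertion) bytes() []byte {
	return []byte(a.Issuer + "\x00" + a.Subject)
}

// sign produces a message whose embedded key is the signer's own key.
func sign(priv ed25519.PrivateKey, a Assertion) Message {
	return Message{
		Assertion: a,
		Signature: ed25519.Sign(priv, a.bytes()),
		SignerKey: priv.Public().(ed25519.PublicKey),
	}
}

// weakVerify checks the signature against the key carried in the message.
// The signature is mathematically valid, but whoever forged the message also
// chose that key, so the check proves nothing about who sent it.
func weakVerify(m Message) (string, error) {
	if !ed25519.Verify(m.SignerKey, m.Assertion.bytes(), m.Signature) {
		return "", errors.New("bad signature")
	}
	return m.Assertion.Subject, nil
}

// strictVerify ignores the embedded key entirely and verifies against the
// IdP key configured out of band, after checking the issuer it expects.
func strictVerify(pinned ed25519.PublicKey, expectedIssuer string, m Message) (string, error) {
	if m.Assertion.Issuer != expectedIssuer {
		return "", errors.New("unexpected issuer")
	}
	if !ed25519.Verify(pinned, m.Assertion.bytes(), m.Signature) {
		return "", errors.New("signature not from the trusted IdP")
	}
	return m.Assertion.Subject, nil
}

// Result records how each verifier treats a genuine and a forged message.
type Result struct {
	WeakAcceptsForged    bool
	StrictAcceptsForged  bool
	StrictAcceptsGenuine bool
}

// demo builds a legitimate IdP key, an attacker key, one genuine message and
// one forged message claiming an admin subject, and runs both verifiers.
func demo() Result {
	idpPub, idpPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	const issuer = "https://idp.example.invalid" // assumed issuer name, not a real endpoint

	genuine := sign(idpPriv, Assertion{Issuer: issuer, Subject: "alice"})
	forged := sign(attackerPriv, Assertion{Issuer: issuer, Subject: "admin"})

	var r Result
	_, err := weakVerify(forged)
	r.WeakAcceptsForged = err == nil
	_, err = strictVerify(idpPub, issuer, forged)
	r.StrictAcceptsForged = err == nil
	_, err = strictVerify(idpPub, issuer, genuine)
	r.StrictAcceptsGenuine = err == nil
	return r
}

func main() {
	fmt.Printf("%+v\n", demo())
}
```

The point for reviewers of SSO code is that "the signature verifies" is only meaningful relative to a key the verifier already trusts; a service provider must pin the IdP's signing certificate and must also confirm that the verified signature covers the exact assertion it goes on to act upon.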

Ivanti has issued updates for Endpoint Manager (EPM), addressing four vulnerabilities including a critical flaw in the EPM core server and remote consoles identified as CVE-2025-10573 with a CVSS score of 9.6. The vulnerability is a stored cross-site scripting (XSS) flaw that allows an unauthenticated attacker to inject arbitrary JavaScript into administrator dashboards. When an administrator views a poisoned dashboard, the injected code executes in the administrator's browser session and could give the attacker control over that session. Rapid7 researcher Ryan Emmons noted that the flaw can be exploited simply by sending a fake device report to the EPM server. The attack does require an administrator to open the affected dashboard, but that happens as part of routine administration, so experts consider the precondition easy to satisfy in practice. Ivanti has patched this flaw in EPM version 2024 SU4 SR1, alongside three other high-severity vulnerabilities that could lead to remote code execution, including CVE-2025-13662, which also involves improper cryptographic signature verification.
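The mechanism described above, data supplied by an endpoint (or by anyone who can reach the server and pretend to be one) rendered into an administrator's browser without escaping, as an added Go illustration. This is not Ivanti's code and does not reproduce the EPM implementation; the `DeviceReport` type, the `row` template, `renderUnsafe`, `renderSafe` and the sample report are constructed for the example. It contrasts Go's `text/template`, which substitutes values verbatim, with `html/template`, which escapes them for the HTML context they land in.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	ttemplate "text/template"
)

// DeviceReport is a constructed stand-in for the fields an agent reports to
// the management server. Nothing authenticates these fields to the admin UI.
type DeviceReport struct {
	Hostname string
	OS       string
}

// row is the dashboard fragment that lists one device (constructed).
const row = `<tr><td>{{.Hostname}}</td><td>{{.OS}}</td></tr>`

// renderUnsafe substitutes the report fields into the HTML verbatim, so a
// hostname containing markup becomes markup in the administrator's browser.
func renderUnsafe(r DeviceReport) string {
	var buf bytes.Buffer
	ttemplate.Must(ttemplate.New("row").Parse(row)).Execute(&buf, r)
	return buf.String()
}

// renderSafe uses html/template, which applies contextual escaping: in
// element content '<', '>', '&', quotes and '+' are converted to entities.
func renderSafe(r DeviceReport) string {
	var buf bytes.Buffer
	template.Must(template.New("row").Parse(row)).Execute(&buf, r)
	return buf.String()
}

// sampleReport is a constructed report whose hostname carries a script
// payload of the kind a forged device report could deliver.
func sampleReport() DeviceReport {
	return DeviceReport{
		Hostname: `<script>fetch("/admin/api/export")</script>`,
		OS:       "Windows 11",
	}
}

// hasLiveScript reports whether a rendered fragment still contains an
// executable script tag, i.e. whether the payload survived rendering.
func hasLiveScript(html string) bool {
	return strings.Contains(html, "<script>")
}

func main() {
	r := sampleReport()
	fmt.Println("unsafe:", renderUnsafe(r))
	fmt.Println("safe:  ", renderSafe(r))
}
```

Escaping at render time is the fix the dashboard needs, but it is only half of the lesson from this advisory: a management server should also authenticate the agents that submit reports, so that an unauthenticated sender cannot plant content in the admin UI in the first place.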

SAP has released its December security updates to address 14 vulnerabilities, including three critical flaws in SAP Solution Manager, SAP Commerce Cloud, and the SAP jConnect SDK for Sybase Adaptive Server Enterprise. CVE-2025-42880 is a code injection vulnerability in SAP Solution Manager with a CVSS score of 9.9; CVE-2025-55754 covers multiple issues in the Apache Tomcat component bundled with SAP Commerce Cloud and is rated 9.6; and CVE-2025-42928 is a deserialization flaw in the SAP jConnect SDK with a CVSS score of 9.1. Researchers from Onapsis noted that the Solution Manager vulnerability allows an authenticated attacker to inject arbitrary code remotely, and that Solution Manager's central role in SAP landscapes, with connectivity into the managed systems, makes patching it particularly urgent. The jConnect SDK flaw requires elevated privileges but can still lead to remote code execution when targeted.

Taken together, these vulnerabilities underline the importance of timely patching and of compensating controls while patches are rolled out. Security appliances, endpoint-management servers and ERP platforms of the kind affected here are high-value, frequently targeted systems, and the flaws touch authentication, system integrity, and administrative control. Organizations are urged to apply the security updates promptly, disable features they do not use such as FortiCloud SSO login, confirm that administrative interfaces encode untrusted input before rendering it, and enforce privilege segmentation so that a compromised console or service account does not translate into control of the whole environment. These updates reflect ongoing efforts by major technology providers to harden their products against attackers who increasingly focus on enterprise management and edge infrastructure.
