HAPPY LIFE
WHAT NEWS?
Fortinet, Ivanti, and SAP Release Emergency Security Patches for Critical Vulnerabilities
Fortinet, Ivanti, and SAP Release Emergency Security Patches for Critical Vulnerabilities
Trusted News - Expert Analysis - Global Coverage
Fortinet, Ivanti, and SAP have issued urgent patches for high-severity vulnerabilities that could enable authentication bypass or remote code execution. Cybersecurity teams are urged to update systems immediately.
lobal cybersecurity teams are racing to deploy newly released emergency patches from Fortinet, Ivanti, and SAP, after all three companies disclosed critical vulnerabilities that could allow attackers to bypass authentication mechanisms or execute arbitrary code on affected systems.
The coordinated patch releases from three major enterprise software vendors highlight the escalating threat landscape facing organizations worldwide. With vulnerabilities affecting everything from network security appliances to enterprise resource planning systems, security administrators face a challenging December patch cycle that demands immediate attention and rapid deployment.
Fortinet disclosed two critical vulnerabilities—CVE-2025-59718 and CVE-2025-59719 (CVSS 9.8)—stemming from improper cryptographic signature verification. The flaws affect multiple Fortinet products, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.
CVSS 9.8 - Improper cryptographic signature verification
CVSS 9.8 - SAML message handling vulnerability
FortiOS, FortiWeb, FortiProxy, FortiSwitchManager
According to Fortinet's advisory, a crafted SAML message could allow an unauthenticated attacker to bypass FortiCloud SSO login entirely. "This vulnerability may allow an attacker to bypass FortiCloud SSO authentication if the feature is enabled," the company stated. Fortinet clarified that FortiCloud SSO login is disabled by default, but administrators who registered devices with FortiCare may have enabled the feature unintentionally.
Organizations are urged to immediately disable FortiCloud SSO until patches are applied. This can be done via:
Ivanti has issued a critical fix for CVE-2025-10573 (CVSS 9.6), affecting Ivanti Endpoint Manager (EPM). The vulnerability allows a remote unauthenticated attacker to execute malicious JavaScript via stored Cross-Site Scripting (XSS) in the EPM dashboard.
CVSS 9.6 - Stored XSS in EPM dashboard
Ryan Emmons, Rapid7 researcher
Admin session hijacking via malicious JavaScript
The flaw was discovered by Rapid7 researcher Ryan Emmons, who warned that attackers could join fake managed devices to the EPM server, poison administrator dashboards with malicious payloads, and hijack admin sessions with a single page view. "A passive admin interaction is enough to trigger client-side code execution," Emmons explained.
Ivanti emphasized that while user interaction is required, there is no evidence of active exploitation. Also patched in the same release (EPM 2024 SU4 SR1) were CVE-2025-13659 (high-severity RCE), CVE-2025-13661 (high-severity RCE), and CVE-2025-13662 (cryptographic signature verification flaw, enabling arbitrary code execution).
SAP released a bundle of security updates fixing 14 vulnerabilities, three of which are critical. The December patch bundle represents one of the most significant security releases from SAP in recent months, addressing vulnerabilities that could impact core business systems worldwide.
CVSS 9.9 - Code injection in SAP Solution Manager
CVSS 9.6 - Apache Tomcat flaws in SAP Commerce Cloud
CVSS 9.1 - Deserialization flaw in SAP jConnect SDK
Security firm Onapsis reported two of the critical issues and urged organizations to prioritize patching, especially for SAP Solution Manager, which plays a central role in enterprise SAP environments. CVE-2025-42928 allows remote code execution, but exploitation requires elevated privileges, offering a limited—but real—attack path.
With threat actors increasingly targeting enterprise-grade platforms from Fortinet, Ivanti, and SAP, cybersecurity experts warn that delays in patch deployment could lead to network-wide compromise, authentication bypass, remote code execution (RCE), data breaches, and long-term footholds by state-linked actors or ransomware groups.
Disable FortiCloud SSO, apply patches, monitor authentication logs
Update to EPM 2024 SU4 SR1, audit admin sessions
Apply December patches, prioritize Solution Manager
Enforce privileged access security, monitor for anomalies
Audit systems for signs of exploitation, update asset inventory
Document patch status for regulatory requirements
Security teams are urged to apply vendor patches immediately, disable vulnerable features (where applicable), enforce privileged access security, monitor authentication logs for anomalies, and audit systems for signs of exploitation. The simultaneous release of critical patches from multiple major vendors creates a particularly challenging environment for security teams already stretched thin during the holiday season.
| Vendor | CVE | CVSS | Impact | Affected Products |
|---|---|---|---|---|
| Fortinet | CVE-2025-59718 | 9.8 | Authentication Bypass | FortiOS, FortiWeb, FortiProxy |
| Fortinet | CVE-2025-59719 | 9.8 | SAML Bypass | FortiOS, FortiSwitchManager |
| Ivanti | CVE-2025-10573 | 9.6 | Stored XSS / Session Hijacking | Endpoint Manager (EPM) |
| SAP | CVE-2025-42880 | 9.9 | Code Injection / RCE | SAP Solution Manager |
| SAP | CVE-2025-55754 | 9.6 | Tomcat Vulnerabilities | SAP Commerce Cloud |
| SAP | CVE-2025-42928 | 9.1 | Deserialization / RCE | SAP jConnect SDK |
Based on the severity and potential impact of these vulnerabilities, security teams should prioritize the following actions:
The simultaneous disclosure of critical vulnerabilities across multiple enterprise platforms underscores the importance of maintaining robust patch management processes and having dedicated resources for emergency security updates. Organizations that delay patching these vulnerabilities risk significant security incidents that could impact operations, data integrity, and regulatory compliance.
