Cybersecurity

Fortinet, Ivanti, And Sap Issue Urgent Patches For Authentication...

2025-12-10 0 views admin
Fortinet, Ivanti, And Sap Issue Urgent Patches For Authentication...

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.

The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS scores: 9.8).

"An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device," Fortinet said in an advisory.

The company, however, noted that the FortiCloud SSO login feature is not enabled in the default factory settings. FortiCloud SSO login is enabled when an administrator registers the device to FortiCare and has not disabled the toggle "Allow administrative login using FortiCloud SSO" in the registration page.

To temporarily protect their systems against attacks exploiting these vulnerabilities, organizations are advised to disable the FortiCloud login feature (if enabled) until it can be updated. This can be done in two ways -

Ivanti has also shipped updates to address four security flaws in Endpoint Manager (EPM), one of which is a critical severity bug in the EPM core and remote consoles. The vulnerability, assigned the CVE identifier CVE-2025-10573, carries a CVSS score of 9.6.

"Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session," Ivanti said.

Rapid7 security researcher Ryan Emmons, who discovered and reported the shortcoming on August 15, 2025, said it allows an attacker with unauthenticated access to the primary EPM web service to join fake managed endpoints to the EPM server so as to poison the administrator web dashboard with malicious JavaScript.

"When an Ivanti EPM administrator views one of the poisoned dashboard interfaces during normal usage, that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator's session," Emmons said.

The company noted that user interaction is required to exploit the flaw and that it's not aware of any attacks in the wild. It has been patched in EPM version 2024 SU4 SR1.

Source: The Hacker News

🏷️ Tags

securityvulnerabilitycveattackexploit

More from Cybersecurity

Beware: Paypal Subscriptions Abused To Send Fake Purchase Emails

Beware: Paypal Subscriptions Abused To Send Fake Purchase Emails

2025-12-14 0
Cybervolk’s Ransomware Debut Stumbles On Cryptography Weakness

Cybervolk’s Ransomware Debut Stumbles On Cryptography Weakness

2025-12-13 0
Cisa Adds Actively Exploited Sierra Wireless Router Flaw Enabling...

Cisa Adds Actively Exploited Sierra Wireless Router Flaw Enabling...

2025-12-13 0
Apple Issues Security Updates After Two Webkit Flaws Found...

Apple Issues Security Updates After Two Webkit Flaws Found...

2025-12-13 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views