
Fortinet, Ivanti, and SAP have released updates to address critical security flaws in their products. These vulnerabilities could allow authentication bypass or remote code execution if successfully exploited.

Fortinet Critical Vulnerabilities (CVE-2025-59718 and CVE-2025-59719)

Fortinet has addressed two critical vulnerabilities (CVSS 9.8) affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaws, identified as CVE-2025-59718 and CVE-2025-59719, are due to incorrect verification of the cryptographic signature (CWE-347).

  • Impact: An unauthenticated attacker could bypass FortiCloud SSO login authentication via a crafted SAML message, if the FortiCloud SSO feature is enabled on the device.
  • Temporary Mitigation: Although this feature is not enabled by default, administrators should verify whether it was enabled during device registration in FortiCare. Fortinet recommends temporarily disabling the FortiCloud login feature until the update can be applied.

Mitigation Instructions:

  • From the GUI: Go to System -> Settings -> Disable “Allow administrative login using FortiCloud SSO”.
  • From the CLI: Run the following commands:
      config system global
          set admin-forticloud-sso-login disable
      end
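The check above is easy to miss on a fleet of devices, so the following is an added example (not Fortinet's tooling and not code from the original article) that reads a FortiOS configuration backup, locates the admin-forticloud-sso-login setting inside the config system global block, and reports whether the FortiCloud SSO login feature is exposed. The sample configuration text is constructed for this example; only the setting name comes from the article. Per the article, the setting is disabled by default, so an absent line is treated as disabled.

```python
import re
from typing import Optional

# Constructed sample of a FortiOS configuration backup (not from any real device).
# The line that matters for this check is the admin-forticloud-sso-login setting.
SAMPLE_CONFIG = """\
config system global
    set hostname "example-fgt"
    set admin-forticloud-sso-login enable
    set timezone 04
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""

SETTING = "admin-forticloud-sso-login"


def extract_block(config: str, header: str) -> Optional[str]:
    """Return the body of the first top-level 'config <header>' ... 'end' block.

    Nested 'config ... end' sections are tracked by depth so an inner 'end'
    does not terminate the outer block early.
    """
    body = []
    depth = 0
    inside = False
    for raw in config.splitlines():
        line = raw.strip()
        if not inside:
            if line == f"config {header}":
                inside = True
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                return "\n".join(body)
        body.append(line)
    return None


def forticloud_sso_login_state(config: str) -> str:
    """Return 'enable', 'disable', or 'unknown' (no system global block found)."""
    block = extract_block(config, "system global")
    if block is None:
        return "unknown"
    match = re.search(rf"^set {re.escape(SETTING)} (\S+)$", block, re.MULTILINE)
    if match is None:
        # A setting that is not written out keeps its default; the article
        # states this feature is disabled by default.
        return "disable"
    return match.group(1)


def assess(config: str) -> dict:
    """Summarise exposure and the CLI mitigation the article gives."""
    state = forticloud_sso_login_state(config)
    return {
        "setting": SETTING,
        "state": state,
        "exposed": state == "enable",
        "mitigation": ["config system global", f"set {SETTING} disable", "end"],
    }


if __name__ == "__main__":
    result = assess(SAMPLE_CONFIG)
    print(f"{SETTING}: {result['state']} (exposed={result['exposed']})")
    if result["exposed"]:
        print("Apply until patched:\n  " + "\n  ".join(result["mitigation"]))
```

Run it against each exported backup (or paste the output of "show system global"); any device reporting exposed=True should have the mitigation applied until the vendor update is installed.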

Critical Bug in Ivanti Endpoint Manager (CVE-2025-10573)

Ivanti released patches for four flaws in Endpoint Manager (EPM), highlighting one of critical severity (CVSS 9.6) that allows code execution in the EPM console.

  • Bug Description: CVE-2025-10573 is a Stored Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript into the administration dashboard.
  • Exploitation Mechanism: The attacker sends a fake device report to the EPM server. When an administrator views the poisoned dashboard, the JavaScript is executed in the context of the administrator’s session, allowing the attacker to take control of the session.
  • Expert Opinion: Rapid7’s Ryan Emmons, who discovered the flaw, warns that the exploit is trivial. Rapid7’s Douglas McKee notes that while it requires administrator interaction, the high frequency of this routine task makes the likelihood of exploitation high. SOCRadar’s Ensar Seker highlights that this vulnerability has significant exploitation potential, especially if combined with social engineering.
  • Solution: The vulnerability has been corrected in the EPM 2024 SU4 SR1 version.
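To make the stored XSS mechanism concrete from the defender's side, here is an added illustration (generic example code, not Ivanti's code and not from the original article) of the pattern behind it: a management console that renders fields from a device report without escaping, beside the hardened version that validates the field on intake and HTML-escapes it on output. The report structure and field names are hypothetical, and the report contents are constructed for the example.

```python
import html
import re

# Constructed device report as an agent might post it to a management server.
# The field names are hypothetical; the device_name value is a stored-XSS probe.
HOSTILE_REPORT = {
    "device_name": "<script>alert(1)</script>",
    "os": "Windows 11",
    "agent_version": "1.2.3",
}

FIELDS = ("device_name", "os", "agent_version")

# Allowlist for hostnames: letters, digits, dot, underscore and hyphen, 1-63 chars.
DEVICE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,63}$")


def is_valid_device_name(name: str) -> bool:
    """Intake validation: reject anything that is not a plausible hostname."""
    return bool(DEVICE_NAME_RE.match(name))


def render_row_unsafe(report: dict) -> str:
    """Vulnerable pattern: untrusted fields are concatenated straight into HTML.

    Whatever the agent sent is stored and later executed in the admin's browser.
    """
    return "<tr>" + "".join(f"<td>{report.get(k, '')}</td>" for k in FIELDS) + "</tr>"


def render_row_safe(report: dict) -> str:
    """Hardened pattern: every untrusted field is HTML-escaped before output."""
    cells = (html.escape(str(report.get(k, "")), quote=True) for k in FIELDS)
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def ingest_report(report: dict) -> dict:
    """Server-side intake: drop reports whose device_name fails validation.

    Returns {"accepted": bool, "reason": str}; escaping on output still applies
    to accepted reports (defence in depth, not either/or).
    """
    name = str(report.get("device_name", ""))
    if not is_valid_device_name(name):
        return {"accepted": False, "reason": "device_name failed allowlist check"}
    return {"accepted": True, "reason": "ok"}


if __name__ == "__main__":
    print("unsafe :", render_row_unsafe(HOSTILE_REPORT))
    print("safe   :", render_row_safe(HOSTILE_REPORT))
    print("intake :", ingest_report(HOSTILE_REPORT))
```

The two layers address the two points the article raises: intake validation stops a forged report from ever being stored, and output escaping ensures that even a stored field cannot run in the administrator's session when the dashboard is viewed.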

Ivanti also fixed three other high severity vulnerabilities (CVE-2025-13659, CVE-2025-13661, and CVE-2025-13662) in the same release. One of them, CVE-2025-13662, is also due to improper cryptographic signature verification in the patch management component.

Critical SAP Vulnerabilities

SAP has released its December security update to fix 14 vulnerabilities, including three of critical severity in key products:

  • CVE-2025-42880 (CVSS 9.9): Code injection vulnerability in SAP Solution Manager. Allows an authenticated attacker to inject arbitrary code. Patching is highly recommended due to Solution Manager’s central role in the SAP environment.
  • CVE-2025-55754 (CVSS 9.6): Multiple vulnerabilities in Apache Tomcat within SAP Commerce Cloud.
  • CVE-2025-42928 (CVSS 9.1): Deserialization vulnerability in SAP jConnect SDK for Sybase Adaptive Server Enterprise (ASE). Allows remote code execution, but requires elevated privileges.

Conclusion

Given the critical nature of these vulnerabilities and the frequency with which malicious actors exploit known flaws, organizations should patch their Fortinet, Ivanti, and SAP products as soon as possible. Inaction can result in authentication bypass, administrator session takeover, and arbitrary code execution, putting enterprise infrastructure at risk.