Fortinet and Ivanti have released critical security updates as part of their August 2025 Patch Tuesday, addressing multiple vulnerabilities across their products.
Fortinet Highlights
- Issued 14 advisories, including CVE-2025-25256, a critical FortiSIEM flaw allowing remote code execution via crafted CLI requests. A public exploit exists, though no malicious use has been confirmed.
- CVE-2025-52970 enables authentication bypass in FortiWeb, letting attackers log in as any user.
- CVE-2024-26009 affects several Fortinet products and could let attackers take control of managed devices if they know the FortiManager serial number.
- Additional medium-severity bugs were patched across FortiManager, FortiWeb, FortiOS, and more, many allowing arbitrary code execution.
Ivanti Highlights
- Three advisories cover high-severity RCE flaws in Ivanti Avalanche and a medium-severity issue in vADC that could let attackers reset admin passwords.
- Ivanti Connect Secure and related products were patched for high-severity unauthenticated DoS vulnerabilities and medium-severity flaws enabling DoS and file access.
- No active exploitation has been reported, but users are urged to apply patches promptly to avoid potential threats.
- Both companies stress the importance of updating systems immediately to prevent future attacks.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
