Fortinet and Ivanti have simultaneously released their essential October 2025 Patch Tuesday updates, designed to correct numerous serious security vulnerabilities across their wide-ranging product portfolios. Fortinet’s release is substantial, encompassing 29 new advisories that cover more than 30 distinct vulnerabilities. Several of these were rated ‘high severity,’ notably CVE-2025-54988 affecting FortiDLP. This particular flaw stems from the product’s use of Apache Tika, which contained a critical vulnerability allowing attackers to read sensitive data or send malicious requests to internal servers. FortiDLP was also patched for two additional privilege escalation flaws that could grant an authenticated attacker Root or LocalService privileges.
Beyond the Tika-related issue, Fortinet addressed several other critical access and escalation problems across its suite. A high-severity patch, CVE-2025-58325, fixed a privilege escalation flaw in FortiOS that allowed authenticated attackers to execute system commands. Furthermore, FortiIsolator was impacted by CVE-2024-33507, which could allow a remote attacker to deauthenticate logged-in administrators or gain write privileges using specially crafted cookies. Other high-severity issues included a privilege escalation in FortiClientMac’s LaunchDaemon component and an authentication bypass vulnerability affecting both FortiPAM and FortiSwitchManager.
The scope of Fortinet’s patches extended well beyond the high-severity items, covering medium- and low-severity flaws across almost twenty products, including FortiProxy, FortiAnalyzer, FortiWeb, and FortiADC. These weaknesses collectively presented a broad risk surface, potentially enabling attackers to achieve arbitrary code execution, DLL hijacking, sensitive data theft, XSS attacks, denial-of-service conditions, and further privilege escalation. While the number of patches is large and the potential impact is severe, Fortinet reported that many issues were discovered internally and, critically, there is no evidence that any of these vulnerabilities have been actively exploited in the wild.
Shifting focus to Ivanti, the company released patches for vulnerabilities impacting Endpoint Manager Mobile (EPMM) and Neurons for MDM, while also advising on mitigation options for previously disclosed Endpoint Manager vulnerabilities. The EPMM update resolved three high-severity flaws that permitted an authenticated administrator to execute arbitrary code, alongside a medium-severity issue allowing disk-based data writing. The Neurons for MDM update addressed two high-severity issues: one enabling an authenticated admin to unenroll arbitrary devices (making them disappear from the UEM interface), and a separate flaw constituting an MFA bypass exploitable by a remote, authenticated actor. A medium-severity API vulnerability that leaked sensitive user information to an unauthenticated remote attacker was also fixed in Neurons for MDM.
Despite both Fortinet and Ivanti having no evidence of current active exploitation for any of the flaws disclosed in this patch cycle, the sheer depth and breadth of the vulnerabilities—spanning from critical backend component flaws to user-facing authentication bypasses—underscore the serious risk they pose. Since products from both vendors are frequent targets of sophisticated threat actors, customers should not delay. It is strongly recommended that all available patches be applied immediately to safeguard enterprise networks and mobile device management systems against potential attacks.
Reference:
