Fortinet and Ivanti have each published new security advisories to inform customers about the vulnerabilities fixed with their August 2025 Patch Tuesday updates.
Fortinet has published 14 new advisories. The most important one, with a critical severity rating, describes CVE-2025-25256, a FortiSIEM flaw that allows an unauthenticated, remote attacker to execute arbitrary code or commands through specially crafted CLI requests.
Fortinet warned that a practical exploit for this vulnerability has been found in the wild — the company’s phrasing suggests that the vulnerability has not been exploited for malicious purposes, but a PoC exploit is public.
Two advisories have a high severity rating. One of them describes CVE-2025-52970, an authentication bypass affecting FortiWeb. It allows a remote attacker to log in as any existing user by leveraging a specially crafted request.
The second high-severity issue is CVE-2024-26009, which impacts FortiOS, FortiPAM, FortyProxy, and FortiSwitchManager.
Fortinet says the flaw can “allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number.”
The company has patched medium-severity vulnerabilities in FortiManager, FortiWeb, FortiOS, FortiProxy, FortiPAM, FortiADC, FortiSOAR, FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. Many of these security holes can allow arbitrary code execution.
Ivanti’s August 2025 Patch Tuesday updates are described by three advisories. One covers two high-severity authenticated remote code execution vulnerabilities in Ivanti Avalanche.
The second advisory describes a medium-severity issue in Ivanti Virtual Application Delivery Control (vADC) that could allow a remote, authenticated attacker to reset admin passwords and take over the targeted account.
The third advisory is for Ivanti Connect Secure, Policy Secure, ZTA Gateways and Neurons for Secure Access. The products are affected by two high-severity flaws that can be exploited for remote, unauthenticated DoS attacks, and two medium-severity bugs that can be leveraged for DoS attacks and reading arbitrary files.
Ivanti said it’s not aware of any attacks exploiting these vulnerabilities.
However, it’s important that both Ivanti and Fortinet customers install the available patches as soon as possible because it is not uncommon for threat actors to exploit vulnerabilities found in their products.
Related: Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities
Related: FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
Related: Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks
