Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which fix potentially serious vulnerabilities across their products.
Fortinet has published 29 new advisories covering more than 30 vulnerabilities. Several of the flaws have been assigned a ‘high severity’ rating, including CVE-2025-54988, which impacts FortiDLP due to its use of Apache Tika. Tika is impacted by a critical flaw allowing an attacker to read sensitive data or send malicious requests to internal resources or third-party servers.
FortiDLP is also affected by CVE-2025-53951 and CVE-2025-54658, which can allow an authenticated attacker to escalate privileges to LocalService or Root by sending a specially crafted request.
A privilege escalation vulnerability that enables an authenticated attacker to execute system commands has been patched in FortiOS. The security hole is tracked as CVE-2025-58325.
Another high-severity issue is CVE-2024-33507, which impacts FortiIsolator and allows a remote attacker to use specially crafted cookies to deauthenticate logged-in administrators (unauthenticated attacker) or to gain write privileges (authenticated attacker).
A privilege escalation issue in the LaunchDaemon component of FortiClientMac has also been classified as ‘high severity’. The issue is tracked as CVE-2025-57741.
The last high-severity issue is CVE-2025-49201, which impacts FortiPAM and FortiSwitchManager and allows an attacker to bypass authentication through a brute-force attack.
Medium- and low-severity flaws have been patched in FortiOS, FortiPAM, FortiProxy, FortiClientMac, FortiClientWindows, FortiADC, FortiDLP, FortiSwitchManager, FortiManager, FortiAnalyzer, FortiSRA, FortiRecorder, FortiTester, FortiVoice, FortiWeb, FortiSASE, FortiSOAR, and FortiSIEM.
These weaknesses can be exploited for arbitrary code execution, DLL hijacking, obtaining sensitive data, bypassing security features, causing a DoS condition, conducting XSS attacks, redirecting users, and escalating privileges.
There is no evidence that these vulnerabilities have been exploited in the wild. Many of the issues were discovered internally by Fortinet.
Ivanti has announced the availability of patches for vulnerabilities in Endpoint Manager Mobile (EPMM) and Neurons for MDM. Ivanti has also published an advisory for Endpoint Manager to provide mitigation options for vulnerabilities disclosed earlier this month.
In EPMM, Ivanti addressed three high-severity flaws that can be exploited by an authenticated attacker with admin privileges to execute arbitrary code. The company also fixed one medium-severity issue allowing an authenticated attacker to write data on the disk.
In Neurons for MDM, Ivanti fixed two high-severity issues. One of them allows an authenticated attacker with admin permissions to “unenroll arbitrary devices, causing the targeted device to disappear from the Unified Endpoint Manager UI”. The second issue is an MFA bypass that can be exploited by a remote, authenticated attacker.
A medium-severity flaw allowing a remote, unauthenticated attacker to access sensitive user information via an API endpoint has also been fixed in Neurons for MDM.
Ivanti also said it has no evidence that any of these vulnerabilities are being exploited in the wild.
However, Ivanti and Fortinet product vulnerabilities are both frequently targeted by threat actors, so it’s important that their customers apply the available patches as soon as possible.