Enterprise software providers Ivanti and Zoom on Tuesday announced patches for multiple vulnerabilities in their products, including high-severity issues that could lead to arbitrary file writes and code execution.
Ivanti announced fixes for three bugs in Ivanti Endpoint Manager (EPM) that could be abused by unauthenticated attackers for remote code execution, or by local attackers for privilege escalation.
Two of the flaws, tracked as CVE-2025-9713 and CVE-2025-11622, were disclosed in October, after Trend Micro’s Zero Day Initiative (ZDI) dropped 13 unpatched EPM defects.
The two previously disclosed bugs are described as a path traversal and an insecure deserialization issue. The third, CVE-2025-10918, is an insecure default permissions weakness.
Ivanti says all EPM versions before 2024 SU4 are affected by these vulnerabilities. Users are advised to update their EPM deployments as soon as possible.
“We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure,” Ivanti notes in its advisory.
On Tuesday, Zoom published nine advisories detailing three high-severity and six medium-severity bugs in its mobile and desktop clients.
The high-severity flaws, tracked as CVE-2025-62484, CVE-2025-64741, and CVE-2025-64740, could lead to privilege escalation. The first two affect Zoom’s iOS and Android applications, while the third was identified in Zoom Workplace VDI Client for Windows.
Five of the newly resolved medium-severity issues could lead to information disclosure. They impact Zoom’s desktop applications for Linux, macOS, and Windows.
The sixth is an XSS defect in Zoom Workplace and Meeting SDK for Windows that can be exploited without authentication, impacting application integrity.
Zoom makes no mention of any of these vulnerabilities being exploited in the wild.

