Fortinet and Ivanti have rolled out critical security updates as part of their October 2025 Patch Tuesday, addressing several high-severity vulnerabilities across their products. The companies urged customers to install the patches immediately, as their systems are frequent targets of cyberattacks.
Fortinet released 29 new advisories covering over 30 vulnerabilities across its ecosystem. Several of these flaws received high-severity ratings. One of the most concerning is CVE-2025-54988, which affects FortiDLP through its use of Apache Tika. The flaw in Tika could allow attackers to read sensitive data or send malicious requests to internal systems or third-party servers.
Other FortiDLP issues include CVE-2025-53951 and CVE-2025-54658, which could let authenticated users escalate privileges to LocalService or Root using specially crafted requests.
A separate vulnerability, CVE-2025-58325, was found in FortiOS. It allows authenticated users to execute system commands through privilege escalation. Another issue, CVE-2024-33507, impacts FortiIsolator and enables remote attackers to manipulate session cookies—either deauthenticating administrators or gaining write privileges depending on the attacker’s access level.
The LaunchDaemon component of FortiClientMac was also found to contain a high-severity privilege escalation flaw (CVE-2025-57741), while CVE-2025-49201 affects FortiPAM and FortiSwitchManager, allowing brute-force authentication bypass.
Beyond these high-severity vulnerabilities, Fortinet also patched a range of medium- and low-severity issues across its suite, including FortiProxy, FortiManager, FortiAnalyzer, FortiRecorder, FortiVoice, FortiSOAR, and FortiSIEM. These bugs could have enabled arbitrary code execution, DLL hijacking, denial-of-service attacks, data exposure, or privilege escalation. Fortinet confirmed that most of these issues were discovered internally and that no exploitation has been observed in the wild.
Ivanti, meanwhile, announced fixes for vulnerabilities in Endpoint Manager Mobile (EPMM) and Neurons for MDM. It also issued an advisory for Endpoint Manager, offering mitigation steps for flaws disclosed earlier this month.
In EPMM, Ivanti patched three high-severity vulnerabilities that could allow authenticated administrators to execute arbitrary code. A medium-severity bug that enabled authenticated users to write arbitrary data to disk was also fixed.
In Neurons for MDM, Ivanti addressed two high-severity flaws. One allowed an authenticated admin to unenroll arbitrary devices, effectively removing them from the Unified Endpoint Manager interface. The second was a multi-factor authentication (MFA) bypass, which could let remote attackers with valid credentials access accounts without secondary verification.
Ivanti also resolved a medium-severity API vulnerability that could expose sensitive user data to unauthenticated attackers. Like Fortinet, Ivanti reported no evidence of these vulnerabilities being actively exploited.
Both companies’ products have historically been popular targets for cybercriminals due to their widespread enterprise use. Security experts recommend that organizations apply the latest patches immediately and review their system configurations to reduce potential exposure.
