Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ivanti security patch release for CVE-2025-13659

Security Patch Release
First reported
Last updated
Happening score
H score 69
2 unique sources, 2 articles

Summary

Hide ▲

Ivanti released security updates for Endpoint Manager to address three high-severity vulnerabilities, including two flaws that could enable unauthenticated code execution on unpatched systems. The bundle includes CVE-2025-13659 and CVE-2025-13662. Exploitation still requires user interaction and contact with an untrusted core server or untrusted configuration files.

Related Happenings

Citrix security patch release for CVE-2026-13474

Security Patch Release
H score35 First: 01.07.2026 06:54 Last: 01.07.2026 06:54 Sources 1

About this happening: **Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...

SimpleHelp security update for CVE-2026-48558

Security Patch Release
H score65 First: 15.06.2026 23:06 Last: 15.06.2026 23:06 Sources 1

About this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...

Splunk Enterprise security update for CVE-2026-20253

Security Patch Release
H score52 First: 13.06.2026 16:23 Last: 13.06.2026 16:23 Sources 1

About this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...

Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523

Security Patch Release
H score54 First: 10.06.2026 09:26 Last: 10.06.2026 09:26 Sources 1

About this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

Timeline

  1. 09.12.2025 19:10 2 articles · 7mo ago

    Ivanti releases Endpoint Manager fixes for critical flaws

    Mitigation Patch Update

    Ivanti warned customers to patch CVE-2025-10573 in Endpoint Manager (EPM) and released security updates for three high-severity vulnerabilities, including CVE-2025-13659 and CVE-2025-13662, which could allow unauthenticated attackers to execute arbitrary JavaScript or arbitrary code on unpatched systems when user interaction and untrusted inputs are involved. Ivanti said CVE-2025-10573 is a stored XSS flaw in versions prior to 2024 SU4 SR1, that the vulnerabilities were disclosed through its responsible disclosure program, and that it has not found evidence of exploitation in attacks. Shadowserver was tracking hundreds of Internet-facing Ivanti EPM instances, including systems in the United States, Germany, and Japan.

    Show sources