Fortinet security patch release for CVE-2025-59718
Security Patch Release
Summary
Fortinet, Ivanti, and SAP released December security updates for critical vulnerabilities that could enable authentication bypass or code execution across enterprise products. Fortinet’s fixes cover FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager; Ivanti patched Endpoint Manager; SAP pushed updates for 14 vulnerabilities across SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The most urgent issues include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, and CVE-2025-42880. Organizations are being told to apply the fixes quickly, and Fortinet also recommends temporarily disabling FortiCloud SSO login where it is enabled.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)
Security Patch Release
First: 12.05.2026 14:04
Last: 12.05.2026 14:04
Sources 1
About this happening:
**SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
**CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
Timeline
10.12.2025 06:50 · 1 article
Rapid7 reports Ivanti Endpoint Manager stored XSS
Initial Disclosure
Rapid7 security researcher Ryan Emmons reported on August 15, 2025 that stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 could let a remote unauthenticated attacker execute arbitrary JavaScript in an administrator session, poison the administrator web dashboard by joining fake managed endpoints to the EPM server, and ultimately gain control of the administrator's session when the poisoned dashboard is viewed.
Sources:
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50
10.12.2025 06:50 · 2 articles
Fortinet, Ivanti, and SAP issue December security updates
Mitigation Patch Update
Fortinet, Ivanti, and SAP issued December security updates to address critical flaws that could enable authentication bypass or code execution across FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Endpoint Manager, SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The fixes include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, CVE-2025-13662, CVE-2025-42880, CVE-2025-55754, and CVE-2025-42928, and Fortinet advised disabling FortiCloud SSO login if it is enabled until affected devices can be updated.
Sources:
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50