Fortinet security patch release for CVE-2025-59718
Security Patch Release
Summary
Hide ▲
Show ▼
Fortinet, Ivanti, and SAP released December security updates for critical vulnerabilities that could enable authentication bypass or code execution across enterprise products. Fortinet’s fixes cover FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager; Ivanti patched Endpoint Manager; SAP pushed updates for 14 vulnerabilities across SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The most urgent issues include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, and CVE-2025-42880. Organizations are being told to apply the fixes quickly, and Fortinet also recommends temporarily disabling FortiCloud SSO login where it is enabled.
Related Happenings
Fortinet security patch release for CVE-2026-39813
Security Patch Release
H score41
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet security patch release for CVE-2026-39813
Security Patch ReleaseAbout this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation Wave
H score49
First: 16.06.2026 12:19
Last: 16.06.2026 12:19
Sources 1
About this happening:
**Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet FortiSandbox multi-CVE exploitation wave
Exploitation WaveAbout this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...
Fortinet security patch release for CVE-2026-25089
Security Patch Release
H score44
First: 10.06.2026 18:10
Last: 10.06.2026 18:10
Sources 1
About this happening:
**Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Fortinet security patch release for CVE-2026-25089
Security Patch ReleaseAbout this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...
Latest development: 11.06.2026 09:20
Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.
Fortinet and Ivanti multi-product security patch release
Security Patch Release
H score47
First: 10.06.2026 11:50
Last: 10.06.2026 11:50
Sources 1
About this happening:
**Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...
Fortinet and Ivanti multi-product security patch release
Security Patch ReleaseAbout this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...
Latest development: 11.06.2026 09:20
Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch Release
H score24
First: 09.06.2026 22:36
Last: 09.06.2026 22:36
Sources 1
About this happening:
**SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud
Security Patch ReleaseAbout this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...
Timeline
-
10.12.2025 06:50 1 articles · 7mo ago
Rapid7 reports Ivanti Endpoint Manager stored XSS
Initial DisclosureRapid7 security researcher Ryan Emmons reported on August 15, 2025 that stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 could let a remote unauthenticated attacker execute arbitrary JavaScript in an administrator session, poison the administrator web dashboard by joining fake managed endpoints to the EPM server, and ultimately gain control of the administrator's session when the poisoned dashboard is viewed.
Show sources
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50
-
10.12.2025 06:50 2 articles · 7mo ago
Fortinet, Ivanti, and SAP issue December security updates
Mitigation Patch UpdateFortinet, Ivanti, and SAP issued December security updates to address critical flaws that could enable authentication bypass or code execution across FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Endpoint Manager, SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The fixes include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, CVE-2025-13662, CVE-2025-42880, CVE-2025-55754, and CVE-2025-42928, and Fortinet advised disabling FortiCloud SSO login if it is enabled until affected devices can be updated.
Show sources
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50
- Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws — thehackernews.com — 10.12.2025 06:50