Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fortinet security patch release for CVE-2025-59718

Security Patch Release
First reported
Last updated
Happening score
H score 45
1 unique sources, 1 articles

Summary

Hide ▲

Fortinet, Ivanti, and SAP released December security updates for critical vulnerabilities that could enable authentication bypass or code execution across enterprise products. Fortinet’s fixes cover FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager; Ivanti patched Endpoint Manager; SAP pushed updates for 14 vulnerabilities across SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The most urgent issues include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, and CVE-2025-42880. Organizations are being told to apply the fixes quickly, and Fortinet also recommends temporarily disabling FortiCloud SSO login where it is enabled.

Related Happenings

Fortinet security patch release for CVE-2026-39813

Security Patch Release
H score41 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet** released **April 14** security updates for **FortiSandbox**, covering **CVE-2026-39813**, **CVE-2026-39808**, and **CVE-2026-25089**. The patch release fixes **three...

Fortinet FortiSandbox multi-CVE exploitation wave

Exploitation Wave
H score49 First: 16.06.2026 12:19 Last: 16.06.2026 12:19 Sources 1

About this happening: **Fortinet FortiSandbox** is facing an **active exploitation wave** that puts **affected deployments** at risk of **unauthenticated remote code execution** and **privilege escalat...

Fortinet security patch release for CVE-2026-25089

Security Patch Release
H score44 First: 10.06.2026 18:10 Last: 10.06.2026 18:10 Sources 1

About this happening: **Fortinet**, **Ivanti**, and **SAP** released **security updates** that address multiple **critical vulnerabilities** across **FortiSandbox**, **Ivanti Sentry**, and **SAP** prod...

Latest development: 11.06.2026 09:20

Shadowserver reported large-scale exploitation attempts against Internet-exposed Ivanti Sentry gateways after CVE-2026-10520 was patched in R10.5.2, R10.6.2, and R10.7.1, saying it saw 19 vulnerable instances and at least 2 backdoored systems and warning that unpatched devices were most likely compromised.

Fortinet and Ivanti multi-product security patch release

Security Patch Release
H score47 First: 10.06.2026 11:50 Last: 10.06.2026 11:50 Sources 1

About this happening: **Fortinet** and **Ivanti** released patches on **Tuesday** for multiple product flaws, including **critical OS command injection** and **authentication-bypass** bugs that could e...

Latest development: 11.06.2026 09:20

Attackers are targeting Ivanti Sentry instances with CVE-2026-10520 exploitation attempts after Ivanti patched the maximum-severity OS command injection flaw in R10.5.2, R10.6.2, and R10.7.1. Shadowserver reported 19 vulnerable instances in its scans and at least 2 backdoored gateways, warning that unpatched Internet-exposed secure mobile gateways are likely compromised.

SAP June 2026 Security Patch package for NetWeaver and Commerce Cloud

Security Patch Release
H score24 First: 09.06.2026 22:36 Last: 09.06.2026 22:36 Sources 1

About this happening: **SAP** released fixes for **15 vulnerabilities** in its **June 2026 Security Patch** package, including four **critical** flaws in **SAP NetWeaver** and **SAP Commerce Cloud** th...

Timeline

  1. 10.12.2025 06:50 1 articles · 7mo ago

    Rapid7 reports Ivanti Endpoint Manager stored XSS

    Initial Disclosure

    Rapid7 security researcher Ryan Emmons reported on August 15, 2025 that stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 could let a remote unauthenticated attacker execute arbitrary JavaScript in an administrator session, poison the administrator web dashboard by joining fake managed endpoints to the EPM server, and ultimately gain control of the administrator's session when the poisoned dashboard is viewed.

    Show sources
  2. 10.12.2025 06:50 2 articles · 7mo ago

    Fortinet, Ivanti, and SAP issue December security updates

    Mitigation Patch Update

    Fortinet, Ivanti, and SAP issued December security updates to address critical flaws that could enable authentication bypass or code execution across FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Endpoint Manager, SAP Solution Manager, SAP Commerce Cloud, and SAP jConnect SDK. The fixes include CVE-2025-59718, CVE-2025-59719, CVE-2025-10573, CVE-2025-13659, CVE-2025-13661, CVE-2025-13662, CVE-2025-42880, CVE-2025-55754, and CVE-2025-42928, and Fortinet advised disabling FortiCloud SSO login if it is enabled until affected devices can be updated.

    Show sources