Fortinet, Ivanti, and SAP Issue Urgent Patches for Critical Flaws

Multiple enterprise vendors have released emergency patches addressing critical vulnerabilities that are being actively exploited in the wild.

Fortinet FortiOS - CVE-2025-XXXX

Vulnerability Details

| Attribute | Details |
|-----------|---------|
| Severity | Critical (CVSS 9.6) |
| Type | Authentication Bypass |
| Affected | FortiOS 7.0.x - 7.4.x |
| Exploitation | Active in the wild |

Impact

Unauthenticated attackers can:

  • Bypass SSL VPN authentication
  • Access internal network resources
  • Pivot to additional targets

Remediation

```
# Verify current version
get system status

# Upgrade to patched version (FortiOS expects the image filename first, then the TFTP server address)
execute restore image tftp <filename> <server>
```

Ivanti Connect Secure - CVE-2025-YYYY

Vulnerability Chain

Attackers are chaining two vulnerabilities:

  1. Authentication Bypass: Access admin panel without credentials
  2. Command Injection: Execute arbitrary commands as root

Indicators of Compromise

  • Unexpected admin sessions
  • Modified configuration files
  • Webshells in /dana-na/ directories
  • Outbound connections to suspicious IPs

SAP Applications - Multiple CVEs

Critical Patches

| Application | CVE | Type | CVSS |
|-------------|-----|------|------|
| SAP NetWeaver | CVE-2025-A | Code Injection | 9.8 |
| SAP S/4HANA | CVE-2025-B | Auth Bypass | 9.1 |
| SAP BTP | CVE-2025-C | SSRF | 8.6 |

Why SAP Vulnerabilities Matter

SAP systems often contain:

  • Financial transaction data
  • Employee PII
  • Supply chain information
  • Business-critical processes

Immediate Actions Required

  1. Inventory: Identify all affected systems
  2. Prioritize: Focus on internet-facing assets first
  3. Patch: Apply updates during emergency maintenance window
  4. Verify: Confirm successful patching
  5. Hunt: Look for signs of prior compromise
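
The inventory and prioritization steps above, sketched for the FortiOS case as an added example (not code from RaptorX or any vendor): it parses collected `get system status` output, flags devices inside the 7.0.x - 7.4.x range from the table, and orders internet-facing devices first. Hostnames, builds and exposure flags are constructed; the page names no fixed build, so an in-range result means "check against the vendor advisory", not "confirmed unpatched".

```python
import re

# Affected FortiOS range as stated in the table above (7.0.x - 7.4.x).
AFFECTED_MIN, AFFECTED_MAX = (7, 0), (7, 4)

# Matches the "Version:" line of `get system status`, e.g.
# "Version: FortiGate-100F v7.2.5,build1517,230606 (GA.M)"
VERSION_RE = re.compile(r"^Version:\s+(\S+)\s+v(\d+)\.(\d+)\.(\d+),build(\d+)", re.M)

def parse_status(output):
    """Return (model, (major, minor, patch), build), or None if unparseable."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    model, major, minor, patch, build = m.groups()
    return model, (int(major), int(minor), int(patch)), int(build)

def in_affected_range(version):
    """True when major.minor falls inside the range given on the page."""
    return AFFECTED_MIN <= version[:2] <= AFFECTED_MAX

def triage(inventory):
    """Return (host, internet_facing, version) for hosts needing action.
    Unparseable output is reported as 'unknown', never treated as safe."""
    findings = []
    for item in inventory:
        parsed = parse_status(item["status_output"])
        if parsed is None:
            findings.append((item["host"], item["internet_facing"], "unknown"))
        elif in_affected_range(parsed[1]):
            findings.append((item["host"], item["internet_facing"],
                             ".".join(map(str, parsed[1]))))
    # Internet-facing devices first, then hostname for stable ordering.
    return sorted(findings, key=lambda f: (not f[1], f[0]))

# Constructed sample inventory (hostnames, builds, exposure flags are made up).
SAMPLE = [
    {"host": "fw-branch-02", "internet_facing": False,
     "status_output": "Version: FortiGate-60F v7.2.5,build1517,230606 (GA.M)\n"},
    {"host": "fw-edge-01", "internet_facing": True,
     "status_output": "Version: FortiGate-100F v7.4.1,build2463,230830 (GA.F)\n"},
    {"host": "fw-lab-03", "internet_facing": False,
     "status_output": "Version: FortiGate-40F v7.6.0,build3401,240724 (GA.F)\n"},
    {"host": "fw-dmz-04", "internet_facing": True, "status_output": "Connection timed out\n"},
]

if __name__ == "__main__":
    for host, exposed, version in triage(SAMPLE):
        print(f"{host:14} internet_facing={exposed!s:5} version={version}")
```

Re-running the same collection after the maintenance window gives a simple check for step 4: any host still listed needs a second look.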

How RaptorX Helps

RaptorX's continuous scanning automatically:

  • Detects vulnerable versions of enterprise software
  • Prioritizes critical CVEs for immediate attention
  • Validates patch effectiveness
  • Monitors for regression after updates

Don't wait for the next Patch Tuesday. RaptorX provides continuous vulnerability assessment so you can remediate before attackers exploit.
