
Wild exploitation of zero-day vulnerabilities found in Fortinet and Ivanti systems reported

Attackers are leveraging undisclosed vulnerabilities in Fortinet and Ivanti systems, with one of them being rated as critical, according to advisories published by both companies on the same day.

In a recent development, tech firms Ivanti and Fortinet have issued warnings about new zero-day vulnerabilities affecting their products.

For Ivanti, the vulnerabilities affect Ivanti Endpoint Manager and two open-source libraries integrated into the product. The high-severity vulnerability, CVE-2025-4428, can enable a remote, unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests. Ivanti is working with the maintainers of the libraries to determine whether a CVE against the libraries themselves is warranted.

On the other hand, Fortinet has published details on a critical stack-based overflow vulnerability, CVE-2025-32756, which impacts FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera products. The flaw has been observed being exploited in the wild on FortiVoice. Fortinet has released a patch for the vulnerability, and customers are urged to upgrade their tools to apply the fix.

Chained together, the two vulnerabilities could allow unauthenticated remote code execution. As a temporary workaround, organizations can disable the HTTP/HTTPS administrative interface.

In response to such cyber threats, the UK government is taking steps to create market incentives for stronger security in products. The Cyber Resilience Test Facilities (CRTF) program will develop a network of assured facilities to independently audit the cybersecurity of technology vendors' products in a consistent and structured way.

The government is also unveiling two new cybersecurity assessment schemes and publishing guidance to improve consumer understanding. These measures aim to strengthen the security posture of products and protect users from potential attacks.

It's important to note that no information has been given on the identity of the threat actor. However, Fortinet has provided an indicator of compromise (IOC) list, including logs and IP addresses, to help customers check for signs of exploitation.

Customers should install a fixed version of the product as soon as possible. To check whether fcgi debugging is enabled on their system, Ivanti customers can use the CLI command: . If the output shows "general to-file ENABLED", fcgi debugging is enabled.

While a very limited number of Ivanti customers have been exploited at the time of disclosure, it's crucial for all users to take necessary precautions to secure their systems. The ongoing efforts by tech firms and governments to address such vulnerabilities and improve cybersecurity are commendable and will undoubtedly contribute to a safer digital environment.
