Ivanti, Fortinet, and SAP Release Critical Security Updates
Ivanti, Fortinet, and SAP have released critical security updates to address multiple vulnerabilities that could lead to arbitrary code execution and information disclosure. The most concerning issue is a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and the FortiSandbox PaaS WEB UI by Fortinet, which has been assigned CVE-2026-25089 (CVSS score: 9.1). This critical flaw could allow attackers to execute arbitrary code with elevated privileges.
Additionally, Ivanti has released updates for its products to address vulnerabilities that can be exploited in certain scenarios leading to unauthorized information disclosure and potential data breaches. These security patches are crucial for organizations using Ivanti’s Endpoint Security Suite, which includes tools like Ivanti IronPort and Ivanti N-central.
SAP, on the other hand, is addressing several vulnerabilities across its portfolio. Some of these flaws could lead to remote code execution or information leakage, posing significant risks to SAP customers who use affected products such as SAP HANA, SAP S/4HANA Cloud, and others that are part of their ERP Suite.
These companies have taken proactive steps to mitigate the impact of these vulnerabilities by promptly releasing security updates. Organizations should ensure they apply these patches on a timely basis to protect against potential attacks exploiting these critical security weaknesses.
Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.