(TLP:CLEAR) High Severity Vulnerabilities Patched in Fortinet and Ivanti Products

TLP:CLEAR
Created: Thursday, June 12, 2025 - 15:56
Categories: Cybersecurity, Security Preparedness

Summary: Fortinet and Ivanti announced fixes for over a dozen vulnerabilities across their product portfolios, including multiple high-severity flaws, as part of their June Patch Tuesday security updates.

Ivanti patched three high-severity vulnerabilities in Workspace Control (IWC) that have the potential to lead to credential leaks. These are tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455.

Fortinet released 14 patches on Tuesday addressing one high-severity and many medium-severity vulnerabilities. The high-severity vulnerability, tracked as CVE-2025-31104, is described as an OS command injection vulnerability in FortiADC that could allow an authenticated attacker to execute arbitrary code using crafted HTTP requests.

Analyst Note: WaterISAC actively tracks critical vulnerabilities in both Ivanti and Fortinet products and shares them with members. These products are widely used within the sector, often have high-risk vulnerabilities that require updates, and are targeted by many of the threat actors who focus on the water sector and other critical infrastructure sectors. Notably, three incidents recorded in WaterISAC’s Quarterly Incident Report (Q1 of 2024) involved Ivanti vulnerabilities that created further issues. WaterISAC urges members to update their systems as indicated in the respective advisories from Ivanti and Fortinet. Additionally, members are encouraged to review WaterISAC’s previous coverage of these types of vulnerabilities for additional recommendations and best practices.

Original Source: https://www.securityweek.com/fortinet-ivanti-patch-high-severity-vulnerabilities/

Related WaterISAC PIRs: 6, 8, 9, 12