New Fortinet and Ivanti Zero Days Exploited in the Wild

Fortinet and Ivanti have warned customers that attackers are exploiting new zero day vulnerabilities affecting a range of products.
The tech firms published separate advisories on the flaws, one of which is critical, on May 13, urging customers to apply fixes as soon as possible.
Cybersecurity vendor Fortinet provided details on a stack-based overflow vulnerability, CVE-2025-32756. An exploit can enable a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
The flaw has been given a critical CVSS score of 9.6.
The vulnerability impacts the following Fortinet products: FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
The firm said the flaw has been observed being exploited in the wild on FortiVoice.
In the case observed by Fortinet, the threat actor was able to perform a range of operations on the victim device:
- Scan the device network
- Erase system crashlogs
- Enable fcgi debugging to log credentials from the system or SSH login attempts
No information has been given on the identity of the threat actor.
Fortinet also provided an indicator of compromise (IOC) list, including logs and IP addresses, to help customers check for signs of exploitation.
To check if fcgi debugging is enabled on their system, customers should use the CLI command: diag debug application fcgi.
If the output shows “general to-file ENABLED”, it means fcgi debugging is enabled.
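The check above lends itself to fleet-wide triage. The following is an added example, not Fortinet's code: it assumes you have already captured the output of diag debug application fcgi from each device and stored it keyed by hostname; the marker string is the one the advisory names, while the hostnames and sample capture lines are constructed for illustration.

```python
"""Flag devices whose captured CLI output shows fcgi debugging enabled.

Added example, not vendor code. Assumes captures of `diag debug application
fcgi` already collected (e.g. over an administrative SSH session) and stored
in a dict keyed by hostname. Only the ENABLED marker comes from Fortinet's
advisory; the DISABLED line and hostnames below are constructed samples.
"""
from typing import Dict, List

# Marker Fortinet's advisory says indicates fcgi debugging is enabled.
ENABLED_MARKER = "general to-file ENABLED"


def fcgi_debug_enabled(cli_output: str) -> bool:
    """Return True if the capture contains the advisory's ENABLED marker.

    Whitespace is collapsed so a line-wrapped paste does not hide the marker;
    the match is otherwise exact, so other lines that merely mention
    'ENABLED' are not mistaken for the to-file debug setting.
    """
    normalized = " ".join(cli_output.split())
    return ENABLED_MARKER in normalized


def triage(captures: Dict[str, str]) -> List[str]:
    """Sorted hostnames whose capture indicates fcgi debugging is on."""
    return sorted(h for h, out in captures.items() if fcgi_debug_enabled(out))


def missing_captures(captures: Dict[str, str]) -> List[str]:
    """Hosts with an empty capture: re-run the command, do not mark as clean."""
    return sorted(h for h, out in captures.items() if not out.strip())


# Constructed sample captures (hostnames and DISABLED line are not real output).
SAMPLE_CAPTURES = {
    "fortivoice-hq": "general to-file ENABLED\n",
    "fortimail-dmz": "general to-file DISABLED\n",
    "fortivoice-branch": "",
}

if __name__ == "__main__":
    print("fcgi debugging enabled on:", triage(SAMPLE_CAPTURES))
    print("no capture collected from:", missing_captures(SAMPLE_CAPTURES))
```

A hit from triage() is a reason to pull the device's logs and compare against Fortinet's published IOC list, not a confirmation of compromise by itself.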
Fortinet has released a patch for the vulnerability, and customers are urged to upgrade their tools to apply the fix.
Organizations can also disable the HTTP/HTTPS administrative interface as a temporary workaround.
Ivanti Discloses Open Source Vulnerabilities
Ivanti provided details of two newly discovered vulnerabilities affecting its products, one medium (CVE-2025-4427) and one high severity (CVE-2025-4428).
They both impact Ivanti Endpoint Manager and two open-source libraries integrated into the product.
Ivanti said it is working with maintainers of the libraries to determine if a CVE against the libraries is warranted for the benefit of the broader security ecosystem.
The IT software provider warned that when chained together, successful exploitation could lead to unauthenticated remote code execution.
“We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure,” the company wrote.
Customers should install a fixed version of the product as soon as possible.
There are some workarounds available to reduce the risk of compromise, including filtering access to the API using either the built-in Portal ACLs functionality or an external WAF.
Vendors Must Be Held Accountable for “Unforgivable” Vulnerabilities
During a talk at the CYBERUK 2025 conference in May, National Cyber Security Centre (NCSC) CTO Ollie Whitehouse discussed the urgent need for software vendors to be held to account for major security flaws impacting their products.
He argued that the technology market does not currently reward companies that put significant resources into building secure products by design.
“Edge network devices and security devices continue to have a plethora of unforgivable vulnerabilities in them,” Whitehouse commented.
“If even the products that are meant to help us and save us have unforgivable classes of vulnerabilities, how can we expect a different outcome?” he added.
The UK government is taking steps to create market incentives for stronger security in these products, including the growing use of guidelines to stimulate more understanding among consumers.
During CYBERUK, the government unveiled two new cybersecurity assessment schemes to enable firms to demonstrate their cyber resiliency, and boost confidence in the products and services used by organizations.
One of these, the Cyber Resilience Test Facilities (CTFR) program, will develop a network of assured facilities that can independently audit the cybersecurity of technology vendors’ products in a consistent and structured way.