Ivanti and Zoom have released security patches to address multiple critical vulnerabilities in their products, including issues that could allow remote code execution, privilege escalation, and information disclosure. Users are urged to update their systems promptly to prevent potential exploitation. #IvantiEMP #ZoomVulnerabilities
Keypoints
- Ivanti fixed three critical bugs in Endpoint Manager that could allow remote code execution and privilege escalation.
- Two of the disclosed vulnerabilities, CVE-2025-9713 and CVE-2025-11622, involve path traversal and insecure deserialization.
- All Ivanti EMP versions before 2024 SU4 are affected, and updating is strongly recommended.
- Zoom addressed nine vulnerabilities, including three high-severity bugs that could lead to privilege escalation on mobile and desktop clients.
- Medium-severity issues in Zoom could cause information disclosure and an XSS vulnerability affecting Windows applications.
Read More: https://www.securityweek.com/high-severity-vulnerabilities-patched-by-ivanti-and-zoom/