In this week’s Security Advisory

  • Fortinet Patches Multiple Vulnerabilities
  • SAP Releases Monthly Patch Update
  • Microsoft’s August Patch Tuesday Release
  • Adobe Releases Patches to Over 60 Vulnerabilities
  • Zoom Patches Critical Severity Vulnerability

Fortinet Patches Multiple Vulnerabilities

Fortinet has released patches for 14 vulnerabilities. The most critical is CVE-2025-25256 (CVSS 9.8/10), which affects the FortiSIEM application and allows an unauthenticated, remote attacker to execute code on the host. Fortinet has warned that an exploit for this vulnerability exists in the wild.

Of note, CyberMaxx has already taken steps to globally mitigate our equipment against these vulnerabilities.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

SAP Releases Monthly Patch Update

SAP released patches for 15 new vulnerabilities, as well as updates to four previously released patches. Two of the new vulnerabilities are critical: CVE-2025-42950 (CVSS 9.9/10), affecting the SAP S/4HANA (Private Cloud or On-Premise) application, and CVE-2025-42957 (CVSS 9.9/10), affecting the SAP Landscape Transformation (Analysis Platform). Both allow code execution and can lead to a full system compromise.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Microsoft’s August Patch Tuesday Release

Microsoft has released its August Patch Tuesday updates, addressing 111 vulnerabilities. Thirteen of these are rated critical: nine remote code execution vulnerabilities, three information disclosure vulnerabilities, and one elevation of privilege vulnerability.

This includes CVE-2025-53786 (CVSS 8/10), a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services.

Affected Versions

  • A full list of affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Adobe Releases Patches to Over 60 Vulnerabilities

Adobe released patches for over 60 security vulnerabilities across products used for 3D design, content creation, and publishing. Critical issues, mainly code execution and memory leaks, were patched in tools such as Substance 3D, Photoshop, Illustrator, Animate, and FrameMaker. Commerce and Magento received fixes for privilege escalation, denial of service, and arbitrary file system read flaws, as well as two security feature bypass issues. Nearly 20 critical arbitrary code execution vulnerabilities were addressed in the InCopy and InDesign updates. Adobe reports no known attacks in the wild.

Affected Versions

  • A full list of all affected versions can be found here.

Recommendations

  • Apply the latest patches.

More Reading / Information

Zoom Patches Critical Severity Vulnerability

Zoom released a patch for a new vulnerability, CVE-2025-49457 (CVSS 9.6/10), an untrusted search path issue in Zoom clients for Windows that can lead to privilege escalation.

Affected Versions

  • Zoom Workplace for Windows before version 6.3.10.
  • Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12).
  • Zoom Rooms for Windows before version 6.3.10.
  • Zoom Rooms Controller for Windows before version 6.3.10.
  • Zoom Meeting SDK for Windows before version 6.3.10.

Recommendations

  • Install the latest updates from Zoom’s website.
    • Recent versions of Zoom have auto-update enabled by default. Organizations should confirm that the setting has not been disabled and that they are not running any versions where auto-update was not enabled by default. If clients are not set to auto-update, organizations need to communicate the need to update to their users and follow up to confirm that the updates have been applied. Additionally, the Zoom client must be restarted to apply updates.
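As an added example (not part of the advisory or of Zoom's tooling), the following script checks a software inventory export against the affected-version list above, applying the 6.3.10 threshold and the VDI exceptions for 6.1.16 and 6.2.12; the inventory rows and build numbers are constructed sample data.

```python
"""Triage a software inventory against the Zoom CVE-2025-49457 affected list.

The product names, the 6.3.10 fixed version and the VDI exceptions are taken
from the advisory text; the inventory rows below are constructed sample data.
"""
from __future__ import annotations
import re

FIXED_VERSION = (6, 3, 10)          # every listed product is fixed in 6.3.10
AFFECTED_PRODUCTS = {
    "Zoom Workplace for Windows",
    "Zoom Workplace VDI for Windows",
    "Zoom Rooms for Windows",
    "Zoom Rooms Controller for Windows",
    "Zoom Meeting SDK for Windows",
}
# VDI branches the advisory lists as already patched despite being < 6.3.10.
VDI_PATCHED_BRANCHES = {(6, 1, 16), (6, 2, 12)}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '6.3.5 (60563)' or '6.3.5.60563' into a comparable (6, 3, 5)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(product: str, version: str) -> bool | None:
    """True if vulnerable per the advisory, False if patched, None if the
    product is not one the advisory covers (e.g. a macOS client)."""
    if product not in AFFECTED_PRODUCTS:
        return None
    v = parse_version(version)
    if v >= FIXED_VERSION:
        return False
    if product == "Zoom Workplace VDI for Windows" and v in VDI_PATCHED_BRANCHES:
        return False
    return True


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return hostnames whose Zoom install still needs the 6.3.10 update."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


# Constructed inventory export: (hostname, product, version string).
SAMPLE_INVENTORY = [
    ("ws-001", "Zoom Workplace for Windows", "6.3.5 (60563)"),
    ("ws-002", "Zoom Workplace for Windows", "6.3.10 (61089)"),
    ("vdi-01", "Zoom Workplace VDI for Windows", "6.1.16"),
    ("vdi-02", "Zoom Workplace VDI for Windows", "6.2.5"),
    ("room-1", "Zoom Rooms for Windows", "6.2.12"),   # exception is VDI-only
    ("ws-003", "Zoom Workplace for macOS", "6.2.0"),  # not in this advisory
]

if __name__ == "__main__":
    print("Needs update:", triage(SAMPLE_INVENTORY))
```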

More Reading / Information

Recommendations

Please review your environment to ensure the issues above are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to vendor-supported versions only, which dramatically increases the likelihood that a patch will be issued for new vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.