Several cybersecurity firms, including Fortinet, Ivanti, and Onapsis, have issued urgent patches to address significant vulnerabilities that could compromise organizational security. Four vulnerabilities, CVE-2025-42880, CVE-2025-55754, CVE-2025-42928, and CVE-2025-10573, have been disclosed. Several of them score high on the Common Vulnerability Scoring System (CVSS), underscoring their potential severity.
Onapsis, a Boston-based SAP security platform, recently disclosed two critical vulnerabilities in SAP systems. As of October 3rd, CVE-2025-42880, a code injection vulnerability in SAP Solution Manager, is the highest rated of these with a CVSS score of 9.9. It allows a low-privileged authenticated attacker to inject arbitrary code via the `system` function. Additionally, CVE-2025-42928, which has a CVSS score of 9.1, is a deserialization vulnerability affecting the SAP jConnect SDK for Sybase Adaptive Server Enterprise. Both vulnerabilities represent critical threats to any organization using these SAP services.
Details of the Vulnerabilities
The CVSS score of CVE-2025-42880 emphasizes the severity of this vulnerability. A remote unauthenticated attacker can exploit it to execute arbitrary code within the SAP Solution Manager environment. Successful exploitation can give the attacker complete control of the compromised system.
Thomas Fritsch from Onapsis emphasized the urgency of addressing this vulnerability:
“Given the central role of SAP Solution Manager in the SAP system landscape, we strongly recommend a timely patch.”
Likewise, CVE-2025-42928 poses a high risk because it is a deserialization flaw. Any organization that uses the SAP jConnect SDK should patch it immediately to protect itself from future exploitation.
Alongside the SAP vulnerabilities, Ivanti has patched flaws in its Endpoint Manager (EPM). Specifically, CVE-2025-10573 enables an unauthenticated attacker to register malicious managed endpoints with the EPM server. The flaw is critical because it allows attackers to perform arbitrary device management processes without any detection.
Exploit Mechanisms and Consequences
CVE-2025-10573 could be exploited by sending a malicious device report to the EPM server using simple file formatting. Ryan Emmons, a security researcher at Rapid7 who reported this flaw, noted:
“When an Ivanti EPM administrator views one of the poisoned dashboard interfaces during normal usage, that passive user interaction will trigger client-side JavaScript execution, resulting in the attacker gaining control of the administrator’s session.”
Douglas McKee, director of vulnerability intelligence at Rapid7, further explained the implications:
“While the attack only fully executes when an administrator views the dashboard, this is a routine and necessary task for IT staff; consequently, the likelihood of triggering the exploit during normal operations is high, ultimately allowing the attacker to take control of the administrator’s session.”
This sequence of events illustrates how vulnerabilities can escalate into significant incidents if not addressed in a timely manner.
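The chain the researchers describe is a stored cross-site scripting pattern: data supplied at registration time is later rendered in an administrator's dashboard as markup rather than text. The following JavaScript is an added example written for this article, not Ivanti's code, and its device-report fields and sample records are constructed assumptions. It shows a vulnerable renderer beside a hardened one that escapes every untrusted field at output time, plus a simple review check that flags stored fields containing markup characters.

```javascript
// Added example (not Ivanti's code): a generic endpoint-inventory dashboard
// that renders device fields supplied at registration time. The record
// layout and the sample data are constructed assumptions for illustration.

// Constructed sample of stored "device reports". The third record carries
// markup in its hostname field, the kind of value a dashboard must never
// interpret as HTML.
const deviceReports = [
  { id: 101, hostname: "ws-finance-01", os: "Windows 11" },
  { id: 102, hostname: "lab-linux-07", os: "Ubuntu 24.04" },
  { id: 103, hostname: "<script>alert('xss')</script>", os: "Windows 10" },
];

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable renderer: stored fields are concatenated straight into markup,
// so any tag inside a device report is parsed as HTML when an admin views it.
function renderDashboardUnsafe(reports) {
  return reports
    .map((r) => `<tr><td>${r.id}</td><td>${r.hostname}</td><td>${r.os}</td></tr>`)
    .join("");
}

// Hardened renderer: every untrusted field is escaped at output time, so the
// same record is displayed as literal text and no script context is created.
function renderDashboardSafe(reports) {
  return reports
    .map(
      (r) =>
        `<tr><td>${escapeHtml(r.id)}</td><td>${escapeHtml(r.hostname)}</td>` +
        `<td>${escapeHtml(r.os)}</td></tr>`
    )
    .join("");
}

// Review aid for defenders: list stored device fields that contain markup
// characters so registration data can be inspected before it reaches a UI.
function findSuspiciousReports(reports) {
  const markup = /[<>"']/;
  return reports.filter((r) =>
    [r.hostname, r.os].some((field) => markup.test(String(field)))
  );
}

// True when the rendered HTML still contains an unescaped <script tag.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe output has raw <script>:", containsRawScriptTag(renderDashboardUnsafe(deviceReports)));
console.log("safe output has raw <script>:", containsRawScriptTag(renderDashboardSafe(deviceReports)));
console.log("records needing review:", findSuspiciousReports(deviceReports).map((r) => r.id));
```

Output escaping is the control that makes the dashboard safe regardless of what was accepted at registration; the review check is a detection aid, not a substitute for it, since a filter on input alone can miss encodings the renderer would still interpret.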
Broader Security Implications
The disclosure of these vulnerabilities is particularly concerning as organizations in every industry continue to face an alarming security landscape. Ensar Seker, Chief Information Security Officer (CISO) at threat intelligence company SOCRadar, remarked on the evolving threat environment:
“Remote code execution via JavaScript injection is no longer theoretical in supply chain attacks; it’s become operationally viable.”
The identification of other vulnerabilities such as CVE-2025-55754 and CVE-2025-59718 demonstrates the need for continuous vigilance in cybersecurity practices. With CVSS scores of 9.6 and 9.8 respectively, these are high-priority vulnerabilities that organizations need to track closely and patch promptly to stay one step ahead.
Fortinet has recently announced a critical security vulnerability in its products. This vulnerability would allow an attacker to bypass authentication protections with maliciously constructed messages. This serves to highlight that vulnerabilities are not confined to a single sector but permeate all software and systems.