Microsoft, Fortinet & Ivanti Warn About Actively Exploited Zero Day Vulnerabilities

Microsoft, Fortinet & Ivanti have all notified customers about vulnerabilities in their products that are known to have been exploited by threat actors. Prompt patching is strongly recommended, and workaround/mitigations should be implemented if patching must be delayed.

Microsoft

On Patch Tuesday, Microsoft issued patches for five vulnerabilities known to have been exploited in the wild, plus two publicly disclosed zero-day vulnerabilities. The actively exploited vulnerabilities are:

| Product | CVE | Severity | Type | Outcome |
|---|---|---|---|---|
| Microsoft DWM Core Library | CVE-2025-30400 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Common Log File System | CVE-2025-32701 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Common Log File System | CVE-2025-32706 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Ancillary Function Driver | CVE-2025-32709 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Microsoft Scripting Engine | CVE-2025-30397 | Important | Memory Corruption | Code execution |

The following vulnerabilities have been publicly disclosed:

| Product | CVE | Severity | Type | Outcome |
|---|---|---|---|---|
| Microsoft Defender | CVE-2025-26685 | Important | Identity Spoofing | Spoofing of another account over an adjacent network |
| Visual Studio | CVE-2025-32702 | Important | Remote Code Execution | Local code execution by an unauthenticated attacker |

Microsoft also released patches for six critical vulnerabilities that are not known to have been exploited but should be prioritized. They affect Microsoft Office (CVE-2025-30377 and CVE-2025-30386), Microsoft Power Apps (CVE-2025-47733), Remote Desktop Gateway Service (CVE-2025-29967), and Windows Remote Desktop (CVE-2025-29966).

Fortinet

Fortinet has issued a security advisory about a critical vulnerability affecting its FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera products. The stack-based buffer overflow vulnerability has been assigned a CVSS v4 severity score of 9.6 (CVSS v3.1: 9.8) and can be exploited by a remote unauthenticated hacker by sending HTTP requests with a specially crafted hash cookie. Successful exploitation of the vulnerability can allow arbitrary code execution.

Fortinet said it has observed exploitation of the vulnerability on FortiVoice. The threat actor scanned the device network, erased system crashlogs, and enabled fcgi debugging to log credentials from the system or SSH login attempts. The vulnerability is tracked as CVE-2025-32756 and affects the following product versions:

| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| FortiVoice | 7.2.0 | Upgrade to 7.2.1 or above |
| FortiVoice | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above |
| FortiVoice | 6.4.0 through 6.4.10 | Upgrade to 6.4.11 or above |
| FortiRecorder | 7.2.0 through 7.2.3 | Upgrade to 7.2.4 or above |
| FortiRecorder | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiRecorder | 6.4.0 through 6.4.5 | Upgrade to 6.4.6 or above |
| FortiMail | 7.6.0 through 7.6.2 | Upgrade to 7.6.3 or above |
| FortiMail | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiMail | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiMail | 7.0.0 through 7.0.8 | Upgrade to 7.0.9 or above |
| FortiNDR | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiNDR | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
| FortiNDR | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiNDR | 7.1 all versions | Migrate to a fixed release |
| FortiNDR | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above |
| FortiNDR | 1.1 through 1.5 | Migrate to a fixed release |
| FortiCamera | 2.1.0 through 2.1.3 | Upgrade to 2.1.4 or above |
| FortiCamera | 2.0 all versions | Migrate to a fixed release |
| FortiCamera | 1.1 all versions | Migrate to a fixed release |

Fortinet has published indicators of compromise in its security advisory. If immediate patching is not possible, Fortinet recommends disabling the HTTP/HTTPS administrative interface.

Ivanti

Ivanti has issued a security advisory about two vulnerabilities affecting the Ivanti Endpoint Manager Mobile (EPMM) solution, one of medium severity and the other of high severity. The two vulnerabilities can be chained together to achieve unauthenticated remote code execution. Ivanti explained that the two vulnerabilities lie in open-source code used by EPMM rather than in Ivanti’s own code.

The medium severity flaw is tracked as CVE-2025-4427 and is an authentication bypass with a CVSS v3.1 severity score of 5.3. The second vulnerability is a remote code execution flaw with a CVSS v3.1 severity score of 7.2.

| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| Ivanti Endpoint Manager Mobile (EPMM) | 11.12.0.4 and prior | 11.12.0.5 and later |
| Ivanti Endpoint Manager Mobile (EPMM) | 12.3.0.1 and prior | 12.3.0.2 and later |
| Ivanti Endpoint Manager Mobile (EPMM) | 12.4.0.1 and prior | 12.4.0.2 and later |
| Ivanti Endpoint Manager Mobile (EPMM) | 12.5.0.0 and prior | 12.5.0.1 and later |

Ivanti said users should upgrade to the latest version as soon as possible; however, risk can be greatly reduced if the user filters access to the API using the built-in Portal ACLs or an external WAF.
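Both the Fortinet and Ivanti advisories above express exposure as version ranges ("7.0.0 through 7.0.6", "7.1 all versions", "12.5.0.0 and prior"), which is easy to misjudge when comparing version strings by hand. The following triage helper is an added example, not Fortinet's or Ivanti's code; it transcribes a subset of the rows above (FortiVoice, FortiNDR, Ivanti EPMM) and reports whether an inventoried version falls in an affected range and what the fix is, handling whole-branch rows and sub-point releases such as 1.5.x.

```python
# Added triage helper (illustrative, not Fortinet's or Ivanti's code): match an
# inventory version against the affected/fixed ranges transcribed from the tables above.
from dataclasses import dataclass
from typing import Optional

def vtuple(v: str) -> tuple:
    """'7.0.6' -> (7, 0, 6): integer tuples compare numerically, strings do not."""
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Affected:
    low: str             # first affected version, or a whole branch such as "7.1"
    high: Optional[str]  # last affected version; None means the whole branch
    fix: Optional[str]   # upgrade target; None means no fix in branch, migrate

    def matches(self, version: str) -> bool:
        v, lo = vtuple(version), vtuple(self.low)
        if self.high is None:                 # "7.1 all versions": prefix match
            return v[:len(lo)] == lo
        hi = vtuple(self.high)                # treat 1.5.x as inside "1.1 through 1.5"
        return lo <= v and (v <= hi or v[:len(hi)] == hi)

# Subset of the rows above (FortiVoice, FortiNDR, Ivanti EPMM); add the rest the same way.
ADVISORY = {
    "FortiVoice": [Affected("7.2.0", "7.2.0", "7.2.1"), Affected("7.0.0", "7.0.6", "7.0.7"),
                   Affected("6.4.0", "6.4.10", "6.4.11")],
    "FortiNDR": [Affected("7.6.0", "7.6.0", "7.6.1"), Affected("7.4.0", "7.4.7", "7.4.8"),
                 Affected("7.2.0", "7.2.4", "7.2.5"), Affected("7.1", None, None),
                 Affected("7.0.0", "7.0.6", "7.0.7"), Affected("1.1", "1.5", None)],
    "Ivanti EPMM": [Affected("11.12", "11.12.0.4", "11.12.0.5"), Affected("12.3", "12.3.0.1", "12.3.0.2"),
                    Affected("12.4", "12.4.0.1", "12.4.0.2"), Affected("12.5", "12.5.0.0", "12.5.0.1")],
}

def triage(product: str, version: str) -> str:
    """Return 'not affected', 'upgrade to <fixed>' or 'migrate to a fixed release'."""
    for rng in ADVISORY.get(product, []):
        if rng.matches(version):
            return f"upgrade to {rng.fix}" if rng.fix else "migrate to a fixed release"
    return "not affected"

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for prod, ver in [("FortiVoice", "7.0.3"), ("FortiNDR", "7.1.2"),
                      ("FortiNDR", "7.4.8"), ("Ivanti EPMM", "12.5.0.0")]:
        print(f"{prod} {ver}: {triage(prod, ver)}")
```

Feed it the product and version strings from your asset inventory; a "migrate" result means the installed branch has no fixed build and the device needs to move to a supported release, not just a point upgrade.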

The post Microsoft, Fortinet & Ivanti Warn About Actively Exploited Zero Day Vulnerabilities appeared first on The HIPAA Journal.

Robeson Health Care Corp. Agrees to $750K Data Breach Settlement

Robeson Health Care Corporation, a Pembroke, North Carolina-based integrated health system, has agreed to settle a class action lawsuit that alleged hackers compromised its network in a February 2023 cyberattack, exposing the protected health information of 62,627 individuals.

Hackers gained access to its network on or around February 21, 2023, and potentially accessed or acquired protected health information such as names, dates of birth, Social Security numbers, diagnosis and treatment information, medical record numbers, Medicare/Medicaid numbers, prescription information, health insurance information, and other sensitive data. The affected individuals started to be notified about the data breach on April 21, 2023.

In early to mid-May 2023, three lawsuits were filed against Robeson Health Care Corp. over the data breach by plaintiffs Julianna McKenzie, Judith Hammonds, and Ronnie McGriff in the United States District Court for the Eastern District of North Carolina. The plaintiffs asserted several claims, including negligence for failing to implement reasonable and appropriate safeguards to secure its network and protect patient data from unauthorized access. Robeson Health Care Corp. denies all claims and contentions in the lawsuit, including charges of wrongdoing and liability. Since continuing with the action would likely be expensive and protracted, all parties agreed to negotiate an appropriate settlement. That settlement has been determined to be fair by all parties and has received preliminary approval from the Superior Court of the State of North Carolina for the County of Robeson.

Under the terms of the settlement, Robeson Health Care Corp. has agreed to pay for benefits for class members, which will be capped at $750,000. Class members may submit a claim for up to $2,500 for reimbursement of documented, unreimbursed out-of-pocket losses that resulted from the data breach. Attorneys’ fees and costs have been capped at $250,000, and each of the three plaintiffs will receive a service award of $1,500.

Alternatively, class members may choose to receive a cash payment of $50, which will be paid pro rata after claims have been paid. The cash payments may be higher or lower depending on the number of claims received. In addition, class members can claim two years of single-bureau credit monitoring services. The deadline for exclusion from and objection to the settlement is June 23, 2025. The final approval hearing has been scheduled for July 21, 2025, and the deadline for submitting claims is August 6, 2025. Further information on the settlement can be found on the settlement website: https://www.rhccdataincidentsettlement.com/
