Black Arrow Cyber Advisory - 13 August 2025 - Security Updates from Microsoft, Adobe, SAP, Fortinet and Ivanti

Written By Black Arrow Admin

Executive Summary

August’s Patch Tuesday delivers substantial updates across enterprise platforms. Microsoft addresses 107 vulnerabilities—including one zero-day and 13 critical flaws—spanning Windows, Office, and server products. Adobe issues multiple bulletins for Commerce, InCopy, and FrameMaker. SAP releases 15 Security Notes for enterprise systems. Fortinet publishes critical advisories for Security Fabric, FGFM, and SSL-VPN components. Ivanti provides three updates for its secure gateway products. Immediate patching is advised, particularly for critical RCE and privilege-escalation vulnerabilities.

Vulnerabilities by Vendor

  • Microsoft[¹]: 107 vulnerabilities addressed, including one publicly disclosed zero-day and 13 critical flaws. Patching is advised across Windows, Office, SQL Server, and other widespread components.

  • Adobe[²]: At least 19 vulnerabilities in Adobe Commerce, InCopy, and FrameMaker. Focus should be on critical arbitrary code execution fixes.

  • SAP[³]: 15 Security Notes affecting S/4HANA, Business Suite, and other SAP platforms. HotNews and high-priority advisories should be applied first.

  • Fortinet[⁴]: Three advisories dated 12 August 2025—covering Security Fabric privilege issues, FGFM authentication weaknesses (in FortiOS/FortiProxy/FortiPAM), and an SSL-VPN integer-overflow DoS vulnerability.

  • Ivanti[⁵]: Three product-specific advisories on August Patch Tuesday — for Connect Secure, Policy Secure, and ZTA Gateways — focused on gateway access and authentication security.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege-escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation’s security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
¹ Microsoft — August 2025 Security Update Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2025-Aug
² Adobe — Adobe Product Security Bulletin: https://helpx.adobe.com/security/security-bulletin.html
³ SAP — SAP Security Patch Day August 2025: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/august-2025.html
⁴ Fortinet Security Advisories: https://www.fortiguard.com/psirt
⁵ Ivanti August 2025 Security Advisory: https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US

Black Arrow Admin
Previous

Black Arrow Cyber Threat Intelligence Briefing 15 August 2025
Next

Black Arrow Cyber Threat Intelligence Briefing 08 August 2025