Vulnerabilities Patched by Ivanti, VMware, Zoom 

Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.

On Tuesday, Ivanti, VMware, and Zoom announced fixes for dozens of vulnerabilities across their products, including numerous high-severity bugs.

Ivanti released security updates that resolve six vulnerabilities in Endpoint Manager, including a high-severity security defect (CVE-2025-22466) that allows unauthenticated attackers to perform XSS attacks to obtain admin privileges.

Two other high-severity authenticated bugs were also addressed: CVE-2025-22458, a DLL hijacking issue leading to privilege escalation; and CVE-2025-22461, an SQL injection leading to code execution.

Ivanti says it has no evidence of any of these vulnerabilities being exploited in the wild and underlines that no other Ivanti product is affected.

On Tuesday, 47 vulnerabilities were addressed in the VMware Tanzu cloud native application platform, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum.

All 47 CVEs, some of which were assigned roughly three years ago, impact various dependencies used within the affected applications. Ten of the patched vulnerabilities are rated ‘critical severity’.

Zoom published three security advisories on April 8, addressing six defects in its Workplace applications across Windows, Linux, macOS, iOS, and Android.

The advisories describe two medium-severity cross-site scripting (XSS) flaws in Workplace apps, three medium-severity denial-of-service (DoS) bugs in Workplace Apps for Windows, and a low-severity loss of integrity issue in Workplace Apps for Windows.

Also on Tuesday, Google announced the release of Chrome version 135.0.7049.84/.85 for Windows and macOS and version 135.0.7049.84 for Linux with patches for two vulnerabilities, including an externally reported high-severity use-after-free bug in Site Isolation, for which it paid out a $4,000 bug bounty reward.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
