On Tuesday, Ivanti, VMware, and Zoom announced fixes for dozens of vulnerabilities across their products, including numerous high-severity bugs.
Ivanti released security updates that resolve six vulnerabilities in Endpoint Manager, including a high-severity security defect (CVE-2025-22466) that allows unauthenticated attackers to perform XSS attacks to obtain admin privileges.
Two other high-severity authenticated bugs were also addressed: CVE-2025-22458, a DLL hijacking issue leading to privilege escalation; and CVE-2025-22461, an SQL injection leading to code execution.
Ivanti says it has no evidence of any of these vulnerabilities being exploited in the wild and underlines that no other Ivanti product is affected.
On Tuesday, 47 vulnerabilities were addressed in the VMware Tanzu cloud native application platform, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu Greenplum.
All 47 CVEs, some of which were assigned roughly three years ago, impact various dependencies used within the affected applications. Ten of the patched vulnerabilities are rated ‘critical severity’.
Zoom published three security advisories on April 8, addressing six defects in its Workplace applications across Windows, Linux, macOS, iOS, and Android.
The advisories describe two medium-severity cross-site scripting (XSS) flaws in Workplace apps, three medium-severity denial-of-service (DoS) bugs in Workplace Apps for Windows, and a low-severity loss of integrity issue in Workplace Apps for Windows.
Also on Tuesday, Google announced the release of Chrome version 135.0.7049.84/.85 for Windows and macOS and version 135.0.7049.84 for Linux with patches for two vulnerabilities, including an externally reported high-severity use-after-free bug in Site Isolation, for which it paid out a $4,000 bug bounty reward.
Related: SAP Patches Critical Code Injection Vulnerabilities
Related: Android Update Patches Two Exploited Vulnerabilities
Related: Google Released Second Fix for Quick Share Flaws After Patch Bypass
Related: Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
About The Author
Original post here
