Black Arrow Cyber Advisory 09 April 2025 – Key Security Updates from Microsoft, Fortinet, Adobe, Ivanti, and Google Chrome
Executive Summary
Microsoft’s Patch Tuesday for April 2025 delivered security updates addressing 134 vulnerabilities across its product line, including an actively exploited zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System Driver. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.
Fortinet issued security advisories addressing multiple vulnerabilities across various products, including a critical flaw (CVE-2024-48887) in FortiSwitch that could allow unauthorised password changes.
Adobe released updates addressing 30 vulnerabilities across multiple products, including 11 critical issues in ColdFusion that could lead to arbitrary code execution and unauthorised file system access.
Ivanti disclosed a critical vulnerability (CVE-2025-22457) in its Connect Secure, Policy Secure, and ZTA gateways, which has been exploited in the wild, allowing remote code execution. Ivanti also released a security advisory addressing several medium- and high-severity vulnerabilities in Ivanti Endpoint Manager.
Google released a security update for Chrome, addressing a high-severity use-after-free vulnerability (CVE-2025-3066) in the Site Isolation component, which could allow remote code execution.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity, and availability of the affected applications and the organisation's data on the affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have critical or high severity ratings.
Microsoft
Further details on specific updates within this Microsoft Patch Tuesday can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr
Fortinet, Adobe, Ivanti, Google
Further details of the vulnerabilities in affected Adobe, Fortinet, Ivanti and Google Chrome products:
https://helpx.adobe.com/security/security-bulletin.html
https://fortiguard.fortinet.com/psirt
https://www.ivanti.com/blog/april-security-update
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html