Fortra is actively researching a UI Path Traversal Vulnerability in FortiWeb that has been exploited in the wild.

Fortra is actively researching a remote, unauthenticated vulnerability (CVE-2025-61882) in the BI Publisher Integration component of the Oracle Concurrent Process feature within Oracle E-Business Suite. Successful exploitation could allow an attacker to take over the Oracle Concurrent Process feature.

Fortra is actively researching two critical Cisco vulnerabilities, CVE-2025-20333 and CVE-2025-20363 that could allow attackers to execute arbitrary code on affected devices. CVE-2025-20333 enables authenticated users to gain root access through crafted HTTP requests and is actively being exploited in the wild. CVE-2025-20363 affects ASA, FTD, IOS, IOS XE, and IOS XR software and could allow both unauthenticated and low-privileged authenticated users to execute arbitrary code. On the same announcement, Cisco alerted about CVE-2025-203632, base score 6.5 – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, which can let unauthenticated attackers bypass access controls. If exploited alongside CVE-2025-20333, it could enable full remote control of affected systems, significantly increasing risk. No workarounds are available, and Cisco highly recommends updating the latest software versions. If patching is not immediately possible, organizations should disable or limit HTTPS web services and restrict management interfaces to trusted subnets.

Sitecore products are vulnerable to a ViewState deserialization vulnerability when public machine keys are reused in production deployment.