Vulnerabilities Patched by Ivanti, VMware, Zoom

Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.

On Tuesday, Ivanti, VMware, and Zoom announced fixes for dozens of vulnerabilities across their products, including numerous high-severity bugs.

Ivanti released security updates that resolve six vulnerabilities in Endpoint Manager, including a high-severity security defect (CVE-2025-22466) that allows unauthenticated attackers to perform XSS attacks to obtain admin privileges.

Two other high-severity authenticated bugs were also addressed: CVE-2025-22458, a DLL hijacking issue leading to privilege escalation; and CVE-2025-22461, an SQL injection leading to code execution.

Ivanti says it has no evidence of any of these vulnerabilities being exploited in the wild and underlines that no other Ivanti product is affected.

On Tuesday, 47 vulnerabilities were addressed in the VMware Tanzu cloud native application platform, including 29 issues in VMware Tanzu Greenplum Backup and Restore and 18 bugs in various components of VMware Tanzu ...