Rewrite the
Flaws in third-party components
Ivanti notes that the vulnerabilities are located in two open-source libraries used in the product. Because the flaws have not yet been announced in the libraries themselves, the company decided not to name them for now but is working with their maintainers.
One of the flaws, CVE-2025-4428, is an arbitrary code execution issue, but because it requires authentication to exploit, it has only a 7.2 (high severity) score on the CVSS scale. The other vulnerability is an authentication bypass that provides unauthenticated attackers with access to protected resources and is rated only as medium severity with a score of 5.3.
However, the authentication bypass is exactly what’s needed to turn the impact of the first flaw from high to critical, because it enables its exploitation without authentication, removing the only limiting factor. This is a good example of why severity scores should not be the only criteria for prioritizing patches, but some lower severity flaws can be combined to achieve much more potent attacks.
in well organized HTML format with all tags properly closed. Create appropriate headings and subheadings to organize the content. Ensure the rewritten content is approximately 1500 words. Do not include the title and images. please do not add any introductory text in start and any Note in the end explaining about what you have done or how you done it .i am directly publishing the output as article so please only give me rewritten content. At the end of the content, include a “Conclusion” section and a well-formatted “FAQs” section.
