CERT-In Vulnerability Note Highlights Critical Security Risks in Ivanti, Trend Micro, Apache Kafka, and SAP Products
India's CERT-In has published several vulnerability notes disclosing serious security flaws in software products including Ivanti, Trend Micro, Apache Kafka and SAP, covering high-risk threats such as remote code execution and data leakage. Users are advised to apply patches immediately to address potential attacks. 2025-6-18 11:46:45 Author: cyble.com Reads: 162

CERT-In Vulnerability Note reveals serious flaws in Ivanti, Trend Micro, Apache Kafka, and SAP products.

The Indian Computer Emergency Response Team (CERT-In) has issued a series of high- and critical-severity alerts through its CERT-In Vulnerability Note platform, warning enterprises and individuals about newly discovered security flaws in several widely used software products. These include Ivanti Workspace Control, Trend Micro’s endpoint security tools, Apache Kafka, and multiple SAP systems.

Ivanti Workspace Control Flaws (CIVN-2025-0128)

One of the most pressing concerns highlighted in the CERT-In Vulnerability Note CIVN-2025-0128 pertains to Ivanti Workspace Control (IWC), a software suite designed for secure user workspace management. The vulnerabilities, tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, impact version 10.19.0.0 and earlier.

These security flaws are due to improper credential storage practices, including the use of hardcoded encryption keys. This design flaw potentially allows authenticated low-privileged users to decrypt sensitive environment and SQL database credentials.

CERT-In’s assessment labels the vulnerabilities as “HIGH” risk, citing the potential for unauthorized access to critical systems and disclosure of confidential data.

Ivanti has released security advisories and patches, urging users to immediately apply updates to mitigate these risks. Details and remediation steps are available on the vendor’s official forum.

Trend Micro Vulnerabilities (CIVN-2025-0127)

The CERT-In Vulnerability Note CIVN-2025-0127, marked CRITICAL, highlights multiple zero-day vulnerabilities in Trend Micro Apex One and Apex Central—both on-premises and SaaS versions. These include risks of remote code execution, privilege escalation, and improper access control, affecting nearly all deployment models.

Key CVEs and Threats:

CERT-In warned: “These vulnerabilities present a high risk of complete system compromise, data theft, and unauthorized administrative access.” Trend Micro has responded to the vulnerabilities, publishing fixes and detailed guidance through its support portal.

Apache Kafka Vulnerabilities (CIVN-2025-0126)

Another critical vulnerability alert under CERT-In Vulnerability Note CIVN-2025-0126 affects Apache Kafka, an essential data streaming platform used globally.

The flaws impact versions:

  • Apache Kafka 2.0.0 – 3.3.2, 2.3.0 – 3.9.0, and Kafka Client 3.1.0 – 3.9.0

Main Threats:

  • Remote Code Execution
  • Denial of Service (DoS)
  • Server-Side Request Forgery (SSRF)

These vulnerabilities arise due to misconfigurations in the JAAS JndiLoginModule and LdapLoginModule, and improper values in JVM system properties.

CERT-In’s analysis suggests attackers could exploit these to “take full control over the Kafka environment or bring services to a halt.” Administrators are strongly advised to install the latest patches from the Apache Kafka CVE list.
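The cause described above is a configuration problem, so the practical defender's check is to audit the SASL JAAS settings a Kafka broker, client or Connect connector is running with. The following is an added example written for this article, not code from CERT-In or the Apache Kafka project; it assumes the properties have already been parsed into a dictionary, and the `org.apache.kafka.disallowed.login.modules` JVM property it looks for is taken from Kafka's own hardening guidance rather than from this page.

```python
import re
from typing import Dict, List

# Login modules whose presence in a SASL JAAS config is the risk the CERT-In
# note describes: both perform JNDI/LDAP lookups when a login is attempted.
RISKY_LOGIN_MODULES = {
    "com.sun.security.auth.module.JndiLoginModule",
    "com.sun.security.auth.module.LdapLoginModule",
}

# JVM system property Kafka uses to block login modules (assumption: taken from
# Kafka's hardening guidance, not from the CERT-In note). Kafka's built-in
# per-version defaults are not modelled; an explicit value is expected here.
DISALLOW_PROPERTY = "org.apache.kafka.disallowed.login.modules"

# JAAS entry syntax: "<LoginModuleClass> <flag> key=value ...;"
_MODULE_RE = re.compile(
    r"([\w.$]+)\s+(?:required|requisite|sufficient|optional)\b", re.IGNORECASE)


def login_modules(jaas_config: str) -> List[str]:
    """Return the login module class names declared in a sasl.jaas.config value."""
    return _MODULE_RE.findall(jaas_config)


def audit_properties(props: Dict[str, str], jvm_opts: str = "") -> List[str]:
    """Flag risky JAAS settings; an empty list means nothing was flagged.

    props: property name -> value (server.properties, client config, or a
    connector's config); jvm_opts: the KAFKA_OPTS string the JVM was started with.
    """
    findings = []
    for key, value in props.items():
        # sasl.jaas.config may carry a listener/mechanism or override prefix,
        # e.g. listener.name.sasl_ssl.plain.sasl.jaas.config
        if not key.endswith("sasl.jaas.config"):
            continue
        for module in login_modules(value):
            if module in RISKY_LOGIN_MODULES:
                findings.append(f"{key}: uses {module}")
    blocked = set()
    match = re.search(rf"-D{re.escape(DISALLOW_PROPERTY)}=(\S+)", jvm_opts)
    if match:
        blocked = set(match.group(1).split(","))
    unblocked = RISKY_LOGIN_MODULES - blocked
    if unblocked:
        findings.append(f"{DISALLOW_PROPERTY} does not block: "
                        + ", ".join(sorted(unblocked)))
    return findings


# Constructed samples: a connector config with an LDAP login module in a client
# override, a plain-SASL config, and a JVM option line that blocks both modules.
RISKY_CONFIG = {
    "connector.class": "FileStreamSink",
    "producer.override.sasl.jaas.config":
        'com.sun.security.auth.module.LdapLoginModule required '
        'userProvider="ldap://ldap.example.invalid/dc=example";',
}
SAFE_CONFIG = {
    "sasl.jaas.config":
        'org.apache.kafka.common.security.plain.PlainLoginModule required '
        'username="svc-kafka" password="redacted";',
}
HARDENED_OPTS = ("-Dorg.apache.kafka.disallowed.login.modules="
                 "com.sun.security.auth.module.JndiLoginModule,"
                 "com.sun.security.auth.module.LdapLoginModule")
```

Running `audit_properties(RISKY_CONFIG, "")` reports both the offending override and the missing JVM property, while the plain-SASL config under the hardened options produces no findings.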

SAP Software Vulnerabilities (CIAD-2025-0022)

Rounding off the list, CERT-In issued Advisory CIAD-2025-0022, highlighting a slew of vulnerabilities across SAP enterprise software suites. These include:

  • SAP NetWeaver
  • SAP Business Warehouse
  • SAP S/4HANA
  • SAP BusinessObjects BI Platform
  • SAP Visual Composer

Severity levels range from medium to critical, with associated risks such as:

  • Missing authorization checks
  • HTML and JavaScript injection
  • Directory traversal
  • Denial of Service (DoS)
  • Sensitive data disclosure
  • SSRF and XSS attacks

Notably, CVE-2025-42980, CVE-2025-42903, and CVE-2025-23192 represent the most dangerous flaws, potentially allowing attackers to bypass authentication and inject malicious code.

CERT-In cautioned: “SAP environments could be vulnerable to targeted attacks, data breaches, and operational outages unless timely patches are applied.”

Full patch details and remediation plans are available on SAP’s security portal.

Conclusion

As cyberattacks continue to grow, the latest CERT-In Vulnerability Notes reinforce the importance of prompt patch management, vigilant network monitoring, and strict access control. Organizations using any of the affected software solutions—Ivanti, Trend Micro, Apache Kafka, or SAP—are urged to:

  1. Review and apply vendor patches immediately
  2. Conduct internal vulnerability assessments
  3. Update threat detection tools accordingly



Source: https://cyble.com/blog/cert-in-vulnerability-note-critical-top-software/