A string of high-severity software vulnerabilities surfaced on 13 Aug 2025, prompting urgent patching across enterprise networks. Fortinet, Zoom and Xerox each released fixes for flaws rated between 9.6 and 9.8 on the 10-point CVSS scale, with at least one vulnerability already being exploited.

Fortinet warned that CVE-2025-25256 in its FortiSIEM monitoring platform carries a CVSS score of 9.8 and is under active attack. The unauthenticated remote-code-execution bug offers no obvious indicators of compromise, pushing the company to advise customers to upgrade immediately.

Zoom issued version 6.3.10 of its Windows client software to address CVE-2025-49457, a CVSS 9.6 untrusted-search-path flaw that allows privilege escalation over a network. The patch covers Zoom Workplace, VDI, Rooms, Rooms Controller and the Meeting SDK for Windows.

Separately, Xerox shipped FreeFlow Core version 8.0.4 after Horizon3.ai researchers detailed two vulnerabilities: an XXE injection bug (CVE-2025-8355, CVSS 7.5) and a path-traversal defect enabling remote code execution (CVE-2025-8356, CVSS 9.8). The flaws can be exploited without authentication, potentially letting attackers move laterally inside print-management environments.

The disclosures come amid additional fixes for 7-Zip (CVE-2025-55188) and Microsoft’s WSL2 (CVE-2025-53788), underscoring a broader need for administrators to apply August security updates without delay.
CVE-2025-55188 allows intruders to write directly into sensitive directories when a booby-trapped archive is opened. Linux and Windows are both affected, although the conditions for exploitation are not identical. https://t.co/Xei1GbWWyS
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws https://t.co/YIqVFPiRZJ
Our latest disclosures for CVE-2025-8355 and CVE-2025-8356 - discovering a critical RCE in Xerox FreeFlow Core https://t.co/GOyasjmYCa https://t.co/0xNsPDozDU
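Two of the items above, the Xerox path-traversal defect and the 7-Zip archive bug that writes into directories outside the extraction target, belong to the same vulnerability class: a filename supplied by an attacker is joined to a trusted base directory without being confined to it. The following is an added example, not code from the article, from 7-Zip, from Xerox or from Horizon3.ai, and it does not reproduce either vulnerability. It shows the defensive check an archive-handling component should perform before writing any member to disk: reject absolute paths, drive-relative names, `..` components and symlink entries, then confirm the resolved destination still lies under the base directory. The helper names (`is_safe_member`, `safe_extract`, `run_demo`) and the sample archive contents are constructed for illustration.

```python
"""Defensive path-confinement check for archive extraction (added example).

Not the code of any product named in the article; helper names and the
sample archive are constructed for illustration.
"""
import io
import os
import stat
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """Return True only if member_name, joined to dest_dir, stays inside dest_dir.

    Rejects absolute paths, drive-relative names such as 'C:foo', any '..'
    component, and anything whose resolved target leaves dest_dir (which also
    catches escapes through pre-existing symlinked directories).
    """
    # Archives should store '/', but some writers emit '\'; normalise first.
    name = member_name.replace("\\", "/")
    pure = PurePosixPath(name)
    if pure.is_absolute() or name.startswith("//"):
        return False
    if len(name) >= 2 and name[1] == ":":
        return False
    if any(part == ".." for part in pure.parts):
        return False
    dest = str(Path(dest_dir).resolve())
    target = str((Path(dest) / name).resolve())
    return os.path.commonpath([dest, target]) == dest


def safe_extract(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract a zip held in memory, writing only members that pass the check.

    Returns {'written': [...], 'rejected': [...]} so the caller can log and
    alert on rejected names instead of silently dropping them.
    """
    result = {"written": [], "rejected": []}
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # Symlink members are refused outright: a link written first and
            # a file written through it later is the classic way to escape.
            unix_mode = info.external_attr >> 16
            if stat.S_ISLNK(unix_mode) or not is_safe_member(dest_dir, info.filename):
                result["rejected"].append(info.filename)
                continue
            target = dest / info.filename.replace("\\", "/")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            result["written"].append(info.filename)
    return result


def build_sample_archive() -> bytes:
    """Constructed test archive: one benign member and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/summary.txt", "benign content\n")
        zf.writestr("../../etc/cron.d/evil", "traversal attempt\n")
        zf.writestr("/abs/path/file", "absolute path attempt\n")
    return buf.getvalue()


def run_demo() -> dict:
    """Extract the constructed archive into a fresh temp dir and report the outcome."""
    dest_dir = tempfile.mkdtemp(prefix="safe_extract_")
    outcome = safe_extract(build_sample_archive(), dest_dir)
    outcome["dest_dir"] = dest_dir
    return outcome


if __name__ == "__main__":
    print(run_demo())
```

The check is deliberately layered: the lexical tests (`..`, absolute and drive-relative names) reject obvious traversal before any filesystem access, and the `resolve()` comparison catches the cases lexical checks miss, such as a directory that already exists inside the target as a symlink pointing elsewhere. A production extractor would additionally log every rejected member name, since a rejected `..` entry in an inbound archive is itself a useful detection signal.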