Fortinet (network security vendor)


Products by Fortinet, sorted by most security vulnerabilities since 2018

FortiOS: 213 vulnerabilities
FortiProxy: 102 vulnerabilities
FortiManager: 99 vulnerabilities
FortiWeb: 95 vulnerabilities
Fortianalyzer: 81 vulnerabilities
FortiClient: 68 vulnerabilities
Fortisandbox: 44 vulnerabilities
Fortiadc: 40 vulnerabilities
Fortimail: 38 vulnerabilities
Fortiportal: 36 vulnerabilities
Fortinac: 30 vulnerabilities
Fortisiem: 25 vulnerabilities
Fortiwlm: 22 vulnerabilities
Fortisoar: 22 vulnerabilities
Fortipam: 22 vulnerabilities
Fortimanager Cloud: 19 vulnerabilities
Fortivoice: 18 vulnerabilities
Fortitester: 16 vulnerabilities
Fortiauthenticator: 13 vulnerabilities
Fortiswitchmanager: 13 vulnerabilities
Fortirecorder: 12 vulnerabilities
Fortiswitch: 12 vulnerabilities
Forticlientems: 11 vulnerabilities
Fortiwan: 11 vulnerabilities
Fortinac F: 11 vulnerabilities
Fortiisolator: 10 vulnerabilities
Fortianalyzer Cloud: 10 vulnerabilities
Fortindr: 8 vulnerabilities
Fortideceptor: 7 vulnerabilities
Fortiddos F: 6 vulnerabilities
Fortiedr: 6 vulnerabilities
Fortiddos: 6 vulnerabilities
Fortiwlc: 6 vulnerabilities
Fortiap W2: 6 vulnerabilities
Fortiap U: 5 vulnerabilities
Fortiap S: 5 vulnerabilities
Fortisase: 5 vulnerabilities
Fortiap: 5 vulnerabilities
Fortidlp: 4 vulnerabilities
Fortiaiops: 4 vulnerabilities
Fortiwebmanager: 4 vulnerabilities
Fortisra: 3 vulnerabilities
Fortios 6k7k: 3 vulnerabilities
Fortiap C: 2 vulnerabilities
Fortipresence: 2 vulnerabilities
Fortiadc Manager: 2 vulnerabilities
Forticamera: 2 vulnerabilities
Fortiai: 1 vulnerability
Fortiguest: 1 vulnerability
Fortiedrmanager: 1 vulnerability
Fortiddos Cm: 1 vulnerability
Forticonverter: 1 vulnerability

Known Exploited Fortinet Vulnerabilities

The following Fortinet vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Each entry gives the CVE, the date CISA added it to the KEV list and the current EPSS exploit probability, followed by the title and description.

CVE-2025-25257 (added July 18, 2025; EPSS exploit probability 50.4%)
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

CVE-2019-6693 (added June 25, 2025; EPSS exploit probability 72.5%)
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in the FortiOS configuration backup file via knowledge of the hard-coded key.

CVE-2025-32756 (added May 14, 2025; EPSS exploit probability 19.2%)
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.

CVE-2025-24472 (added March 18, 2025; EPSS exploit probability 4.4%)
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

CVE-2024-55591 (added January 14, 2025; EPSS exploit probability 94.1%)
Fortinet FortiOS Authorization Bypass Vulnerability
Fortinet FortiOS contains an authorization bypass vulnerability that may allow an unauthenticated remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.

CVE-2024-47575 (added October 23, 2024; EPSS exploit probability 93.9%)
Fortinet FortiManager Missing Authentication Vulnerability
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

CVE-2024-23113 (added October 9, 2024; EPSS exploit probability 46.2%)
Fortinet Multiple Products Format String Vulnerability
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

CVE-2023-48788 (added March 25, 2024; EPSS exploit probability 94.2%)
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

CVE-2024-21762 (added February 9, 2024; EPSS exploit probability 92.9%)
Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.

CVE-2023-27997 (added June 13, 2023; EPSS exploit probability 90.7%)
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.

CVE-2022-41328 (added March 14, 2023; EPSS exploit probability 0.3%)
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

CVE-2022-42475 (added December 13, 2022; EPSS exploit probability 93.9%)
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

CVE-2022-40684 (added October 11, 2022; EPSS exploit probability 94.4%)
Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

CVE-2018-13374 (added September 8, 2022; EPSS exploit probability 3.0%)
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Fortinet FortiOS and FortiADC contain an improper access control vulnerability which allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.

CVE-2018-13383 (added January 10, 2022; EPSS exploit probability 1.1%)
Fortinet FortiOS and FortiProxy Out-of-bounds Write
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause termination of the SSL VPN web service for logged-in users.

CVE-2018-13382 (added January 10, 2022; EPSS exploit probability 88.0%)
Fortinet FortiOS and FortiProxy Improper Authorization
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under the SSL VPN web portal allows an unauthenticated attacker to modify the password.

CVE-2021-44168 (added December 10, 2021; EPSS exploit probability 0.9%)
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

CVE-2019-5591 (added November 3, 2021; EPSS exploit probability 3.6%)
Fortinet FortiOS Default Configuration Vulnerability
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

CVE-2018-13379 (added November 3, 2021; EPSS exploit probability 94.5%)
Fortinet FortiOS SSL VPN credential exposure vulnerability
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

CVE-2020-12812 (added November 3, 2021; EPSS exploit probability 47.0%)
Fortinet FortiOS SSL VPN 2FA Authentication Vulnerability
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Of the known exploited vulnerabilities above, 9 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Fortinet vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Fortinet Vulnerabilities

Based on the current exploit probability, these Fortinet vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2018-13379 94.5% Fortinet FortiOS SSL VPN credential exposure vulnerability
2 CVE-2022-40684 94.4% Fortinet Multiple Products Authentication Bypass Vulnerability
3 CVE-2023-48788 94.2% Fortinet FortiClient EMS SQL Injection Vulnerability
4 CVE-2024-55591 94.1% Fortinet FortiOS Authorization Bypass Vulnerability
5 CVE-2022-42475 93.9% Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
6 CVE-2024-47575 93.9% Fortinet FortiManager Missing Authentication Vulnerability
7 CVE-2024-21762 92.9% Fortinet FortiOS Out-of-Bound Write Vulnerability
8 CVE-2023-27997 90.7% Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
9 CVE-2018-13382 88.0% Fortinet FortiOS and FortiProxy Improper Authorization
10 CVE-2019-6693 72.5% Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

By the Year

In 2025 there have been 198 vulnerabilities in Fortinet products with an average score of 6.6 out of ten. Last year, in 2024, Fortinet had 122 security vulnerabilities published. That is, 76 more vulnerabilities have already been reported in 2025 than in all of last year. Last year's average CVE base score was greater by 0.62.

Year Vulnerabilities Average Score
2025 198 6.55
2024 122 7.17
2023 195 7.10
2022 104 7.04
2021 120 6.97
2020 39 6.98
2019 35 6.82
2018 9 6.13

It may take a day or so for new Fortinet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Security Vulnerabilities

Each entry gives the CVE, the publication date and the product tags, followed by the title and description.

CVE-2025-46752 (Oct 16, 2025) [Fortidlp]
FortiDLP 12.0.0-12.0.5 Log Injection: Info Disclosure via Enrollment Code
An insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker to disclose information via re-using the enrollment code.

CVE-2025-53950 (Oct 16, 2025) [Fortidlp]
FortiDLP Agent Outlookproxy PRIVIP Exposure v<11.5.1
An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated administrator to collect the current user's email information.

CVE-2025-53951 (Oct 16, 2025) [Fortidlp]
FortiDLP Agent Outlookproxy (11.5.1) Path Traversal Vulnerability
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.

CVE-2025-54658 (Oct 16, 2025) [Fortidlp]
Path Traversal Vulnerability in FortiDLP Agent Outlookproxy (Mac, v 11.5.1)
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.

CVE-2025-31514 (Oct 14, 2025) [FortiOS]
Insertion of Sensitive Info into Log Files CVE-2025-31514 (FortiOS 6.4-7.6.x)
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via a diagnose command.

CVE-2025-46774 (Oct 14, 2025) [FortiClient]
FortiClient MacOS Improper Sig Verif CVE-2025-46774 7.4.2/7.2.9 Escalates Privs
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.

CVE-2025-54822 (Oct 14, 2025) [FortiOS]
Fortinet FortiOS 7.4.0-7.4.1 Improper Authorization -> VDOM Static File Leak
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows an authenticated attacker to access static files of other VDOMs via crafted HTTP or HTTPS requests.

CVE-2025-31365 (Oct 14, 2025) [FortiClient]
FortiClientMac 7.2.1-7.4.3 Code Injection via Malicious Webpage
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.

CVE-2025-53845 (Oct 14, 2025) [Fortianalyzer]
FortiAnalyzer 7.6.x Improper Auth via OFTP (info leak/DoS)
An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests.

CVE-2025-59921 (Oct 14, 2025) [Fortiadc]
Sensitive Data Exposure via HTTP in FortiADC 7.4.0-7.0 (CWE-200)
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests.

CVE-2024-33507 (Oct 14, 2025) [Fortiisolator]
FortiIsolator <=2.4.4: Session Expiry & Auth Cookie Flaw (CWE-613/863)
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logged-in admins via a crafted cookie and a remote authenticated read-only attacker to gain write privilege via a crafted cookie.

CVE-2025-25255 (Oct 14, 2025) [FortiOS, FortiProxy]
FortiProxy/OS Authenticated Proxy Bypass of Domain Fronting (7.0.1-7.6.3)
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3 explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.

CVE-2025-57716 (Oct 14, 2025) [FortiClient]
FortiClient DLL Hijack via Uncontrolled Search Path v7.0-7.4.3
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL in the FortiClient Online Installer installation folder.

CVE-2025-25252 (Oct 14, 2025) [FortiOS]
FortiOS SSL VPN 7.6.*: Insufficient Session Expiration (CWE-613)
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of the SAML record.

CVE-2024-26008 (Oct 14, 2025) [FortiOS, Fortipam]
FortiOS 7.4.0-7.4.3 SSL request reset (CWE-703)
An improper check or handling of exceptional conditions vulnerability [CWE-703] in the FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.

CVE-2024-47569 (Oct 14, 2025) [Fortivoice, FortiManager, Fortirecorder, and others]
Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, 6.0.0 through 6.0.18, FortiWeb 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.11, 7.0.0 through 7.0.11, 6.4.0 through 6.4.3, FortiRecorder 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiNDR 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.5, 7.1.0 through 7.1.1, 7.0.0 through 7.0.7, 1.5.0 through 1.5.3, FortiPAM 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiTester 7.4.0 through 7.4.2, 7.3.0 through 7.3.2, 7.2.0 through 7.2.3, 7.1.0 through 7.1.1, 7.0.0, 4.2.0 through 4.2.1, FortiProxy 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.21, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager 7.6.0 through 7.6.1, 7.4.1 through 7.4.3 allows an attacker to disclose sensitive information via specially crafted packets.

CVE-2025-54973 (Oct 14, 2025) [Fortianalyzer]
FortiAnalyzer SSO Race Condition 7.0.13-7.6.2
A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests.

CVE-2023-46718 (Oct 14, 2025) [FortiOS]
FortiOS 6.x-7.4 Buffer Overflow via CLI Commands
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows an attacker to execute unauthorized code or commands via specially crafted CLI commands.

CVE-2024-50571 (Oct 14, 2025) [FortiOS, FortiManager, Fortianalyzer, and others]
FortiOS 6.0-7.6 Heap Overflow via Crafted Requests
A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, FortiManager Cloud 7.6.2, 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7, FortiAnalyzer Cloud 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7, FortiProxy 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.12, 7.0.0 through 7.0.19, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiAnalyzer 7.6.0 through 7.6.2, 7.4.0 through 7.4.5, 7.2.0 through 7.2.8, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, 6.2.0 through 6.2.13, 6.0.0 through 6.0.12, FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, 6.2.0 through 6.2.13, 6.0.0 through 6.0.12 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

CVE-2025-31366 (Oct 14, 2025) [FortiOS]
FortiOS/Proxy XSS (CVE-2025-31366) 7.6.0-7.6.3/7.4.0-7.4.7
An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) attack via crafted HTTP requests.

CVE-2025-22258 (Oct 14, 2025) [Fortisra, FortiOS, Fortipam, and others]
Fortinet FortiSRA/OS/etc Heap BF < 7.6.2 / 1.5.0 Priv Esc via HTTP
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privilege via specially crafted HTTP requests.

CVE-2025-25253 (Oct 14, 2025) [Fortipam, FortiOS, FortiProxy, and others]
FortiProxy <=7.6.1 & 7.4.8: Unauth MITM via Cert Host Mismatch
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in the FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections to the ZTNA proxy.

CVE-2025-57740 (Oct 14, 2025) [Fortipam, FortiOS]
Fortinet FortiOS Heap Buffer Overflow CVE-2025-57740 (v<7.6.2/7.4.7/7.2.10)
A Heap-based Buffer Overflow vulnerability [CWE-122] in the FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

CVE-2025-57741 (Oct 14, 2025) [FortiClient]
FortiClientMac 7.0-7.4.3 Local RCE via LaunchDaemon Hijack
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.

CVE-2025-47890 (Oct 14, 2025) [FortiOS]
Fortinet FortiOS/FortiProxy/FortiSASE URL Redirection Vulnerability (CWE-601)
A URL Redirection to Untrusted Site vulnerability [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions; FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

CVE-2025-49201 (Oct 14, 2025) [Fortipam]
Weak auth in FortiPAM 1.0-1.5.0/ FortiSwitchManager 7.2.0-7.2.4 allows unauthorized code exec via craf
A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.

CVE-2025-58325 (Oct 14, 2025) [FortiOS]
FortiOS 6.x-7.6.0 CLI Command Injection (CWE-684) CVE-2025-58325
An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

CVE-2025-58903 (Oct 14, 2025) [FortiOS]
FortiOS 7.4.8-7.6.3 API Null Pointer Deref in httpd via Unchecked Return
An Unchecked Return Value vulnerability [CWE-252] in the Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the HTTP daemon via a specially crafted request.

CVE-2025-58324 (Oct 14, 2025) [Fortisiem]
FortiSIEM XSS Vulnerability CVE-2025-58324 (v7.2.0-7.2.2 and prior)
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

CVE-2024-48891 (Oct 14, 2025) [Fortisoar On Premise, Fortisoar]
FortiSOAR OS Command Injection (Pre-7.6.0, 7.5.1, 7.4, 7.3)
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.

CVE-2025-47856 (Oct 14, 2025) [Fortivoice]
FortiVoice 7.2.0 & 7.0.0-7.0.6 OS Command Injection (CWE-78)
Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allow a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests.

CVE-2025-22862 (Oct 02, 2025) [FortiOS]
FortiOS/FortiProxy Auth Bypass via Alternate Path (7.4.0-7.4.7)
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.

CVE-2025-52970 (Aug 12, 2025) [FortiWeb]
FortiWeb <=7.6.3 Privilege Escalation via Improper Parameter Handling
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.

CVE-2025-47857 (Aug 12, 2025) [FortiWeb]
FortiWeb 7.6.0-7.6.3 CLI OSCI RCE Vulnerability
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands.

CVE-2025-32766 (Aug 12, 2025) [FortiWeb]
FortiWeb CLI Buffer Overflow (RCE) 7.6.0-7.6.3 & <7.4.8
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands.

CVE-2025-27759 (Aug 12, 2025) [FortiWeb]
FortiWeb OS Command Injection RCE via CLI, v7.6.0-7.6.3/7.4.0-7.4.7/7.2.0-7.2.10
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands.

CVE-2024-52964 (Aug 12, 2025) [FortiManager, Fortimanager Cloud]
Path Traversal in FortiManager FGFM (v7.6.0-7.6.1+)
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via crafted FGFM requests.

CVE-2024-26009 (Aug 12, 2025) [FortiOS, Fortiswitchmanager, FortiProxy, and others]
Auth Bypass via FGFM Path in FortiOS 6.4 and FortiProxy 7.4/7.2 (CVE-2024-26009)
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number.

CVE-2023-45584 (Aug 12, 2025) [FortiOS, Fortipam, FortiProxy, and others]
Fortinet FortiOS RCE via Double Free (CVE-2023-45584)
A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests.

CVE-2025-53744 (Aug 12, 2025) [FortiOS]
Privilege Escalation in FortiOS 6.4-7.6.2 via Malicious FortiManager
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.

CVE-2025-49813 (Aug 12, 2025) [Fortiadc]
FortiADC 7.2.x OS Command Injection (CWE-78) before 7.1.1
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.

CVE-2025-32932 (Aug 12, 2025) [Fortisoar]
FortiSOAR 7.6.1 WEB UI XSS Vulnerability (CWE-79)
An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in the FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests.

CVE-2025-25256 (Aug 12, 2025) [Fortisiem]
FortiSIEM v7.3.0-7.3.1 RCE via CLI OS Command Injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

CVE-2024-48892 (Aug 12, 2025) [Fortisoar]
Relative Path Traversal in FortiSOAR 7.6.0/7.5.x/7.4/7.3
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

CVE-2025-25248 (Aug 12, 2025) [FortiOS, Fortipam, FortiProxy, and others]
FortiOS <=7.6.2 Integer Overflow Vulnerability Allows DoS via SSL-VPN
An Integer Overflow or Wraparound vulnerability [CWE-190] in the FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.

CVE-2024-40588 (Aug 12, 2025) [Fortimail, Fortindr, Fortirecorder, and others]
Fortinet FortiMail, FortiVoice Path Traversal 7.6.x/7.0.x
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.

CVE-2024-27779 (Jul 18, 2025) [Fortisandbox, Fortiisolator]
Insufficient Session Expiration in FortiSandbox/Isolator <4.5 Enables Admin Session Hijack
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.

CVE-2024-32124 (Jul 18, 2025) [Fortiisolator]
FortiIsolator 2.4.x Improper Access Control in Logging HTTP Component Allows Log Alteration
An improper access control vulnerability [CWE-284] in the FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.

CVE-2025-25257 (Jul 17, 2025) [FortiWeb]
SQLi in Fortinet FortiWeb 7.0.10-7.6.3
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.

CVE-2025-24477 (Jul 15, 2025) [FortiOS]
Fortinet FortiOS 7.2.4-7.6.2 Heap Overflow via CLI PrivEsc
A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate their privileges via a specially crafted CLI command.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).