Fortinet FortiSASE
By the Year

In 2026 there has been 1 vulnerability in Fortinet FortiSASE, with an average score of 7.4 out of ten. Last year, in 2025, FortiSASE had 9 security vulnerabilities published. Right now, FortiSASE is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.78.

Year   Vulnerabilities   Average Score
2026   1                 7.40
2025   9                 4.62

It may take a day or so for new FortiSASE vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet FortiSASE Security Vulnerabilities

FortiOS/FortiSwitchManager 6.4.0-7.6.3 Heap Overflow Exec via Packets
CVE-2025-25249 7.4 - High - January 13, 2026

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Heap-based Buffer Overflow

FortiOS 7.0-7.4.3: REST-API Tokens Logged (CWE-532)
CVE-2024-47570 6.3 - Medium - December 09, 2025

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration).

Insertion of Sensitive Information into Log File

FortiOS Buffer Overflow 7.6-7.6.3, 7.4-7.4.8, 7.2+, 7.0+, 6.4+, 6.2+, 6.0+; FortiSASE 25.3.b
CVE-2025-58413 6.9 - Medium - November 18, 2025

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows an attacker to execute unauthorized code or commands via specially crafted packets.

Stack-based Buffer Overflow

FortiOS/Proxy XSS (CVE-2025-31366) 7.6.0-7.6.3/7.4.0-7.4.7
CVE-2025-31366 4.5 - Medium - October 14, 2025

An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform reflected cross-site scripting (XSS) via crafted HTTP requests.

XSS

Fortinet FortiOS/FortiProxy/FortiSASE URL Redirection Vulnerability (CWE-601)
CVE-2025-47890 2.5 - Low - October 14, 2025

A URL Redirection to Untrusted Site vulnerability [CWE-601] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.

Open Redirect

FortiOS/FortiProxy DNS Filter Bypass (CWE-358) – Version <= 7.6.0
CVE-2024-55599 - July 08, 2025

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

Improperly Implemented Security Check for Standard

Sensitive Info Exposure in FortiOS 7.6.0 SSL-VPN Web-Mode (CWE-200)
CVE-2025-25250 4.3 - Medium - June 10, 2025

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access the full SSL-VPN settings via a crafted URL.

Information Disclosure

Improper Cert Validation in FortiOS <=7.6.1 & <=7.4.7 with Revoked Certs
CVE-2025-24471 - June 10, 2025

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP-verified remote user to connect from FortiClient via a revoked certificate.

Improper Certificate Validation

FortiOS SSL-VPN 7.6.0/7.4.6/7.2.10/7.0/6.4: Improper Session Expiration (CWE-613)
CVE-2024-50562 - June 10, 2025

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, although the session has expired or was logged out.

Insufficient Session Expiration

FortiSASE 23.4.b Integer Overflow in IPsec IKE (pre-7.4.4 / 7.2.10)
CVE-2024-46669 3.2 - Low - January 14, 2025

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

Integer Overflow or Wraparound
