Fortinet Fortisoaron Premise
By the Year
In 2026 there have been 0 vulnerabilities in Fortinet Fortisoaron Premise. Last year, in 2025, Fortisoaron Premise had 4 security vulnerabilities published. Right now, Fortisoaron Premise is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 5.85 |
It may take a day or so for new Fortisoaron Premise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortisoaron Premise Security Vulnerabilities
FortiSOAR PaaS 7.3-7.6.2 Password Reset without Auth
CVE-2025-59808
6.5 - Medium
- December 09, 2025
An unverified password change vulnerability [CWE-620] in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password.
Unverified Password Change
FortiSOAR PaaS/On-Prem IAC (Info Disclosure) 7.3-7.6
CVE-2025-59810
6.2 - Medium
- December 09, 2025
An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests.
Authorization
FortiSOAR OS Command Injection (Pre-7.6.0, 7.5.1, 7.4, 7.3)
CVE-2024-48891
6.6 - Medium
- October 14, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access (via another hypothetical vulnerability) to perform a local privilege escalation via crafted commands.
Shell injection
Fortinet FortiManager/<others> <=7.4.3 Cache Poison via External Host Header
CVE-2022-23439
4.1 - Medium
- January 22, 2025
An externally controlled reference to a resource in another sphere vulnerability in Fortinet allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver.
Externally Controlled Reference to a Resource in Another Sphere