Fortinet Fortisra
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Fortinet Fortisra.
By the Year
In 2025 there have been 3 vulnerabilities in Fortinet Fortisra with an average score of 7.2 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 7.17 |
It may take a day or so for new Fortisra vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fortinet Fortisra Security Vulnerabilities
Fortinet FortiSRA/OS/etc Heap BF < 7.6.2 / 1.5.0 Priv Esc via HTTP
CVE-2025-22258
5.7 - Medium
- October 14, 2025
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privilege via specially crafted http requests.
Heap-based Buffer Overflow
Fortinet FortiPAM/FortiSRA Improper Access Control via HTTP (1.0-1.4.x)
CVE-2025-22256
8.8 - High
- June 10, 2025
A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests
Improper Handling of Insufficient Permissions or Privileges
FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +)
CVE-2024-45324
7 - High
- March 11, 2025
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
Use of Externally-Controlled Format String
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fortinet Fortisra or by Fortinet? Click the Watch button to subscribe.
