Fortinet FortiWeb
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Fortinet FortiWeb.
Known Exploited Fortinet FortiWeb Vulnerabilities
The following Fortinet FortiWeb vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Fortinet FortiWeb OS Command Injection Vulnerability |
Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. CVE-2025-58034 Exploit Probability: 50.7% |
November 18, 2025 |
| Fortinet FortiWeb Path Traversal Vulnerability |
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. CVE-2025-64446 Exploit Probability: 87.9% |
November 14, 2025 |
| Fortinet FortiWeb SQL Injection Vulnerability |
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. CVE-2025-25257 Exploit Probability: 31.0% |
July 18, 2025 |
The vulnerability CVE-2025-64446: Fortinet FortiWeb Path Traversal Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 2 known exploited Fortinet FortiWeb vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 7 vulnerabilities in Fortinet FortiWeb with an average score of 6.1 out of ten. Last year, in 2025 FortiWeb had 30 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.80
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 6.10 |
| 2025 | 30 | 6.90 |
| 2024 | 8 | 7.34 |
| 2023 | 27 | 7.15 |
| 2022 | 5 | 7.70 |
| 2021 | 29 | 7.50 |
| 2020 | 3 | 6.30 |
| 2019 | 1 | 6.10 |
| 2018 | 1 | 0.00 |
It may take a day or so for new FortiWeb vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Fortinet FortiWeb Security Vulnerabilities
FortiWeb OS Command Injection (CVE-2025-66178) 7.0-8.0 (pre-8.0.2)
CVE-2025-66178
6.7 - Medium
- March 10, 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP request.
Shell injection
FortiWeb <=8.2 NULL Ptr Crash via HTTP
CVE-2026-24641
2.5 - Low
- March 10, 2026
A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
NULL Pointer Dereference
FortiWeb 78 Stack Overflows: Remote Code Execution via HTTP (Pre-8.0.3)
CVE-2026-24640
5.9 - Medium
- March 10, 2026
A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Stack Overflow
FortiWeb 7.0-8.0 Auth Rate-Limit Bypass (CWE-799)
CVE-2026-24017
7.3 - High
- March 10, 2026
An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
Insufficient anti-automation
FortiWeb Auth Bypass via Hostname Spoofing CVE-2025-48840
CVE-2025-48840
5 - Medium
- March 10, 2026
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
Authentication Bypass by Spoofing
FortiWeb 8.0-8.0.3,7.6.0-7.6.6,7.4.0-7.4.11,7.2,7.0 buffer overflow RCE
CVE-2026-30897
5.9 - Medium
- March 10, 2026
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Stack Overflow
Fortinet FortiOS Auth Bypass 7.07.6 via Alt Channel
CVE-2026-24858
9.4 - Critical
- January 27, 2026
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18, FortiProxy 7.6.0 through 7.6.4, FortiProxy 7.4.0 through 7.4.12, FortiProxy 7.2.0 through 7.2.15, FortiProxy 7.0.0 through 7.0.22, FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Authentication Bypass Using an Alternate Path or Channel
Improper SAML Signature Verification in FortiWeb 8.0/7.6.x/7.4.x (SSO Bypass)
CVE-2025-59719
9.1 - Critical
- December 09, 2025
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Improper Verification of Cryptographic Signature
FortiWeb 7.0-8.0.x: Auth via Password Hash Replay
CVE-2025-64471
4.4 - Medium
- December 09, 2025
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests
Use of Password Hash Instead of Password for Authentication
FortiWeb Cookie Integrity Flaw 8.0.0-8.0.1 / 7.6.0-7.6.5 (CVE-2025-64447)
CVE-2025-64447
7.1 - High
- December 09, 2025
A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
Reliance on Cookies without Validation and Integrity Checking
FortiWeb 7.x Hard-Coded Creds Enables Attacker to Access Redis
CVE-2025-59669
4.8 - Medium
- November 18, 2025
A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data
Use of Hard-coded Credentials
FortiWeb OS Command Injection in 7.x-8.0.1 via Crafted HTTP/CLI (CWE-78)
CVE-2025-58034
6.7 - Medium
- November 18, 2025
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Shell injection
Path Traversal in FortiWeb 7.08.0.1 allows admin exec
CVE-2025-64446
9.4 - Critical
- November 14, 2025
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Relative Path Traversal
Fortinet Forti* - Sensitive Data Disclosure via Crafted Packets (v<=7.6)
CVE-2024-47569
4.2 - Medium
- October 14, 2025
A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.
Insertion of Sensitive Information Into Sent Data
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may
CVE-2025-53609
4.7 - Medium
- September 09, 2025
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.
Relative Path Traversal
FortiWeb <=7.6.3 Privilege Escalation via Improper Parameter Handling
CVE-2025-52970
7.7 - High
- August 12, 2025
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request.
Improper Handling of Parameters
FortiWeb OS Command Injection RCE via CLI, v7.6.0-7.6.3/7.4.0-7.4.7/7.2.0-7.2.10
CVE-2025-27759
- August 12, 2025
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands
Shell injection
FortiWeb CLI Buffer Overflow (RCE) 7.6.0-7.6.3 & <7.4.8
CVE-2025-32766
6.7 - Medium
- August 12, 2025
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands
Stack Overflow
FortiWeb 7.6.0-7.6.3 CLI OSCI RCE Vulnerability
CVE-2025-47857
- August 12, 2025
A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.
Shell injection
SQLi in Fortinet FortiWeb 7.0.10-7.6.3
CVE-2025-25257
9.6 - Critical
- July 17, 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
SQL Injection
Improper Privilege Escalation in Fortinet FortiOS 7.6.x via Node.js WebSocket
CVE-2025-22254
6.5 - Medium
- June 10, 2025
An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module.
Improper Privilege Management
FortiWeb Widgets Dashboard ACL Bypass via Read-Only Admin (v7.6.2 or earlier)
CVE-2024-46671
7.2 - High
- April 08, 2025
An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
Incorrect User Management
Path Traversal in FortiWeb 7.6.2 and earlier via endpoint (auth admin)
CVE-2025-25254
6.8 - Medium
- April 08, 2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests.
Directory traversal
FortiOS/Proxy/Manager CVE-2024-26013: Improper Channel Restriction (CWE-923)
CVE-2024-26013
7.1 - High
- April 08, 2025
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
Improper Restriction of Communication Channel to Intended Endpoints
Fortinet FortiOS <=7.4.3 Vulnerable to MIM Impersonation (CVE-2024-50565)
CVE-2024-50565
7.5 - High
- April 08, 2025
A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device
Man-in-the-Middle / MITM
FortiOS/FortiProxy 7.x Admin Interface Buffer Underwrite (CVE-2023-25610)
CVE-2023-25610
- March 24, 2025
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
buffer underrun
RCE via Malformed HTTP in FortiWeb 7.0-7.4 (CVE-2024-55594)
CVE-2024-55594
9.8 - Critical
- March 14, 2025
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
Improper Handling of Syntactically Invalid Structure
FortiWeb SQLi via log DB prior to 7.0.1, 6.4.2, 6.3.20 & 6.2.7
CVE-2022-29059
7.2 - High
- March 14, 2025
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted strings parameters.
SQL Injection
FortiOS Format-String CVE-2024-45324 (v7.4.0-7.4.4 & v7.2.0-7.2.9 +)
CVE-2024-45324
7 - High
- March 11, 2025
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.
Use of Externally-Controlled Format String
FortiWeb 7.x cmdExec via Invalid Syntax in HTTP
CVE-2023-42784
9.8 - Critical
- March 11, 2025
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.
Improper Handling of Syntactically Invalid Structure
Path traversal in Fortinet FortiWeb 7.0-7.6.0 allowing remote code execution
CVE-2024-55597
7.2 - High
- March 11, 2025
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.
Directory traversal
FortiWeb 7.4.0-7.6.0 OS Command Injection
CVE-2024-50567
- February 11, 2025
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
Shell injection
FortiWeb 7.0.0-7.6.0 os Command Injection (CVE-2024-50569)
CVE-2024-50569
7.2 - High
- February 11, 2025
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
Shell injection
Fortinet FortiRecorder PathTraversal (v7.2.0-7.2.1, v7.0.0-7.0.4)
CVE-2024-48885
5.2 - Medium
- January 16, 2025
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets.
Directory traversal
FortiWeb 7.2/7.4 Stack Buffer Overflow via CLI (CWE-120)
CVE-2024-21758
6.7 - Medium
- January 14, 2025
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections.
Stack Overflow
FortiWeb SQLi 6.3.177.6.1: Improper Neutralization of Special Elements (SQL Injection)
CVE-2024-55593
2.7 - Low
- January 14, 2025
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries
SQL Injection
Path Trv Remote Auth Write in FortiManager 7.6.0-7.6.1, 7.4.1-7.4.3 (Fortinet)
CVE-2024-48884
7.1 - High
- January 14, 2025
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
Directory traversal
FortiWeb: Exposure of Sensitive Information in Log Access Event
CVE-2024-36509
4.4 - Medium
- November 12, 2024
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
FortiWeb 7.2.0-7.2.1/7.0/6.4/6.3 Cert Flaw: Remote MIM Decrypt (CWE-295)
CVE-2024-33509
4.8 - Medium
- July 09, 2024
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).
Improper Certificate Validation
FortiWebManager 6.07.2 Improper Auth Allows Remote Exec via HTTP/CLI
CVE-2024-23669
8.8 - High
- June 05, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
AuthZ
FortiWeb 7.2.0/7.0.0-7.0.4/6.3.0/6.2.3-6.2.4/6.0.2 Improper Auth RCE
CVE-2024-23667
8.8 - High
- June 03, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
FortiWebManager 6.0.2-7.2.0 Improper Authorization Allows Code Exec
CVE-2024-23668
8.8 - High
- June 03, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
Improper Input Validation
FortiWebManager 6.0.2-7.2.0 Improper Authorization Enables Code Execution
CVE-2024-23670
8.8 - High
- June 03, 2024
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
AuthZ
FortiWeb 7.4.2 Improper Auth for ADOM Ops (CVE-2024-23665)
CVE-2024-23665
8.8 - High
- June 03, 2024
Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.
AuthZ
FortiWeb 7.0.8/7.2.4/7.4.0 CLI Sensitive Data Exposure (CWE-200)
CVE-2024-23107
5.5 - Medium
- June 03, 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.
Information Disclosure
FortiWeb Log Forgery via Improper Log Output Neutralization 6.2.0-7.4.0
CVE-2023-46713
5.3 - Medium
- December 13, 2023
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.
Improper Output Neutralization for Logs
FortiWeb 6.3-7.2 Unauthorized Code Exec via HTTP (CVE-2023-34984)
CVE-2023-34984
7.1 - High
- September 13, 2023
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Protection Mechanism Failure
FortiWeb 6.3.187.0.1 OS Command Injection via CLI backup
CVE-2023-23777
7.2 - High
- July 11, 2023
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.
Shell injection
Denial-of-Service via Infinite Loop in FortiOS/Proxy/Web ( 7.2.4)
CVE-2023-33305
6.5 - Medium
- June 13, 2023
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
Infinite Loop
Fortinet FortiWeb/ADC OS Command Injection in v7.0-7.1.1
CVE-2022-43948
7.8 - High
- April 11, 2023
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fortinet FortiWeb or by Fortinet? Click the Watch button to subscribe.
