The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
- An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privileges to extract database information via crafted requests. Revised on 2025-07-09
- An improper access control vulnerability [CWE-284] in the FortiIsolator logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request. Revised on 2025-07-08
- Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in FortiVoice may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests. Revised on 2025-07-08
- An improperly implemented security check for standard vulnerability [CWE-358] in FortiOS and FortiProxy may allow a remote unauthenticated user to bypass the DNS filter via Apple devices. Revised on 2025-07-08
- A heap-based buffer overflow vulnerability [CWE-122] in the FortiOS cw_stad daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-07-08
- A missing critical step in authentication vulnerability [CWE-304] in FortiOS and FortiProxy may allow an API user authenticating with an API key plus a PKI user certificate to log in even if the certificate is invalid. Revised on 2025-07-08
- An insufficient session expiration vulnerability [CWE-613] in FortiSandbox and FortiIsolator may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. Revised on 2025-07-08
- An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. Revised on 2025-07-08
- A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or commands via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. Revised on 2025-06-23
- A server-side request forgery vulnerability [CWE-918] in FortiClientEMS may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. Revised on 2025-06-10
- An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. Revised on 2025-06-10
- An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiClient Windows may allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection. Revised on 2025-06-10
- An improper handling of insufficient permissions or privileges vulnerability [CWE-280] in the FortiPAM and FortiSRA GUI websocket could allow a low-privileged user to access unauthorized resources via specially crafted HTTP requests. Revised on 2025-06-10
- An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via a crafted URL. Revised on 2025-06-10
- An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiPortal may allow an authenticated attacker to view unauthorized device information via key modification in API requests. Revised on 2025-06-10
- An insufficient session expiration vulnerability [CWE-613] in FortiOS SSL-VPN may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, although the session has expired or was logged out. Revised on 2025-06-10
- An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. Revised on 2025-06-10
- An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiManager, FortiAnalyzer and FortiAnalyzer-BigData may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. Revised on 2025-06-10
- An improper privilege management vulnerability [CWE-269] affecting FortiOS, FortiProxy and FortiWeb may allow an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket module. Revised on 2025-06-10
- An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component. Revised on 2025-06-10