Search criteria
210 vulnerabilities found for FortiADC by Fortinet
FKIE_CVE-2025-58412
Vulnerability from fkie_nvd - Published: 2025-11-19 10:15 - Updated: 2025-11-20 14:38
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-736 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "026A9B16-7DB1-4488-B13D-F61272BAE7F1",
"versionEndExcluding": "7.6.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5091E7-982E-451B-B782-4C9669421558",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
}
],
"id": "CVE-2025-58412",
"lastModified": "2025-11-20T14:38:45.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-19T10:15:45.257",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-54971
Vulnerability from fkie_nvd - Published: 2025-11-18 17:16 - Updated: 2025-11-20 14:33
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-686 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31187E7F-51A7-4397-A04A-07F45593E090",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product"
}
],
"id": "CVE-2025-54971",
"lastModified": "2025-11-20T14:33:09.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-18T17:16:03.680",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48839
Vulnerability from fkie_nvd - Published: 2025-11-18 17:16 - Updated: 2025-11-20 14:37
Severity ?
Summary
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-225 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E77DAF02-DADB-4F22-817B-39059388C7FC",
"versionEndExcluding": "7.4.8",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B70F7B79-80C8-4DD1-A310-86E4EEC373EC",
"versionEndExcluding": "7.6.3",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE5091E7-982E-451B-B782-4C9669421558",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."
}
],
"id": "CVE-2025-48839",
"lastModified": "2025-11-20T14:37:57.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-11-18T17:16:02.610",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59921
Vulnerability from fkie_nvd - Published: 2025-10-14 16:15 - Updated: 2025-10-16 14:47
Severity ?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-23-434 | Broken Link |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D24E0A5-DCC9-406E-B9C9-DBA37E728A7B",
"versionEndExcluding": "7.1.5",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF4EE14-8BCF-425A-9A49-1CF82BD47573",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C624CB5-F745-4781-839A-B397EC97590B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests."
}
],
"id": "CVE-2025-59921",
"lastModified": "2025-10-16T14:47:39.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-10-14T16:15:41.200",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Broken Link"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-434"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-49813
Vulnerability from fkie_nvd - Published: 2025-08-12 19:15 - Updated: 2025-08-15 12:26
Severity ?
Summary
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-501 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5275C5C-B6FD-4456-B143-ECDD282150C4",
"versionEndIncluding": "6.2.6",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30963483-E0D5-4B71-B649-79194ACC77BF",
"versionEndExcluding": "7.1.2",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74B0A112-AA30-4D11-8F36-3DC8A2EBCA16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command (\"OS Command Injection\") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\"Inyecci\u00f3n de comando del sistema operativo\") [CWE-78] en Fortinet FortiADC versi\u00f3n 7.2.0 y anteriores a 7.1.1 permite que un atacante remoto y autenticado con bajos privilegios ejecute c\u00f3digo no autorizado a trav\u00e9s de par\u00e1metros HTTP espec\u00edficamente manipulada."
}
],
"id": "CVE-2025-49813",
"lastModified": "2025-08-15T12:26:02.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-08-12T19:15:30.853",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-501"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-31104
Vulnerability from fkie_nvd - Published: 2025-06-10 17:21 - Updated: 2025-07-22 17:06
Severity ?
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-25-099 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B80010-5154-4695-927C-D9E104D956F6",
"versionEndExcluding": "7.1.5",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA91E054-96EB-4F87-8132-0838D6F40F36",
"versionEndExcluding": "7.2.8",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE545405-6F6D-4B5F-929C-FE966F3C5FC7",
"versionEndExcluding": "7.4.7",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0431F4-19A9-4D05-8290-16C5ABC149D3",
"versionEndExcluding": "7.6.2",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del SO (\u0027inyecci\u00f3n de comando del SO\u0027) [CWE-78] en FortiADC 7.6.0 a 7.6.1, 7.4.0 a 7.4.6, 7.2.0 a 7.2.7, 7.1.0 a 7.1.4, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones puede permitir que un atacante autenticado ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes HTTP manipuladas."
}
],
"id": "CVE-2025-31104",
"lastModified": "2025-07-22T17:06:49.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
}
]
},
"published": "2025-06-10T17:21:22.873",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-37933
Vulnerability from fkie_nvd - Published: 2025-03-11 15:15 - Updated: 2025-07-22 21:39
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-23-216 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB611E1-5D4B-4982-8BF1-A3AF8D76699B",
"versionEndExcluding": "7.1.4",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496EDF78-A907-4340-8DE2-7FC9520DAD14",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C624CB5-F745-4781-839A-B397EC97590B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1\tand before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027) [CWE-79] en la GUI de FortiADC versi\u00f3n 7.4.0, 7.2.0 a 7.2.1 y anteriores a 7.1.3 permite que un atacante autenticado realice un ataque XSS a trav\u00e9s de solicitudes HTTP o HTTPS manipuladas."
}
],
"id": "CVE-2023-37933",
"lastModified": "2025-07-22T21:39:07.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-11T15:15:38.480",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-216"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
CVE-2025-58412 (GCVE-0-2025-58412)
Vulnerability from cvelistv5 – Published: 2025-11-19 09:49 – Updated: 2025-11-20 16:36
VLAI?
Summary
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.
Severity ?
CWE
- CWE-80 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
8.0.0
Affected: 7.6.0 , ≤ 7.6.3 (semver) Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:55:21.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:36:14.427Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58412",
"datePublished": "2025-11-19T09:49:04.525Z",
"dateReserved": "2025-09-01T09:44:13.174Z",
"dateUpdated": "2025-11-20T16:36:14.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48839 (GCVE-0-2025-48839)
Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2025-11-19 04:55
VLAI?
Summary
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
Severity ?
CWE
- CWE-787 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
8.0.0
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.4.0 , ≤ 7.4.7 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.1.0 , ≤ 7.1.5 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:25.620Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.3 or above\nUpgrade to FortiADC version 7.4.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-48839",
"datePublished": "2025-11-18T17:01:25.620Z",
"dateReserved": "2025-05-27T08:00:40.714Z",
"dateUpdated": "2025-11-19T04:55:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54971 (GCVE-0-2025-54971)
Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2025-11-19 14:16
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product
Severity ?
CWE
- CWE-200 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.1.0 , ≤ 7.1.5 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:16:46.116202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:16:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:17.182Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.6.0 or above\nUpgrade to FortiADC version 7.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54971",
"datePublished": "2025-11-18T17:01:17.182Z",
"dateReserved": "2025-08-04T08:14:35.421Z",
"dateUpdated": "2025-11-19T14:16:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59921 (GCVE-0-2025-59921)
Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2025-10-14 17:35
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.
Severity ?
CWE
- CWE-200 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.1.0 , ≤ 7.1.4 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T17:35:23.426428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T17:35:30.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:23:42.754Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-434",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-434"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.4.1 or above\nUpgrade to FortiADC version 7.2.4 or above\nUpgrade to FortiADC version 7.1.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59921",
"datePublished": "2025-10-14T15:23:42.754Z",
"dateReserved": "2025-09-23T12:51:54.672Z",
"dateUpdated": "2025-10-14T17:35:30.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49813 (GCVE-0-2025-49813)
Vulnerability from cvelistv5 – Published: 2025-08-12 18:59 – Updated: 2025-08-13 15:04
VLAI?
Summary
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.2.0
Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:04:31.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command (\"OS Command Injection\") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:59:19.468Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-501",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-501"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.2.1 or above\nPlease upgrade to FortiADC version 7.1.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-49813",
"datePublished": "2025-08-12T18:59:19.468Z",
"dateReserved": "2025-06-11T13:46:02.438Z",
"dateUpdated": "2025-08-13T15:04:31.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31104 (GCVE-0-2025-31104)
Vulnerability from cvelistv5 – Published: 2025-06-10 16:36 – Updated: 2025-06-11 04:01
VLAI?
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.6 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.1.0 , ≤ 7.1.4 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.1.0 , ≤ 6.1.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T04:01:45.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T16:36:13.131Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 8.0.0 or above \nPlease upgrade to FortiADC version 7.6.2 or above \nPlease upgrade to FortiADC version 7.4.7 or above \nPlease upgrade to FortiADC version 7.2.8 or above \nPlease upgrade to FortiADC version 7.1.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-31104",
"datePublished": "2025-06-10T16:36:13.131Z",
"dateReserved": "2025-03-26T14:23:51.630Z",
"dateUpdated": "2025-06-11T04:01:45.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37933 (GCVE-0-2023-37933)
Vulnerability from cvelistv5 – Published: 2025-03-11 14:54 – Updated: 2025-03-12 04:00
VLAI?
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.
Severity ?
CWE
- CWE-79 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.1 (semver) Affected: 7.1.0 , ≤ 7.1.3 (semver) Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.1.0 , ≤ 6.1.6 (semver) Affected: 6.0.0 , ≤ 6.0.4 (semver) Affected: 5.4.0 , ≤ 5.4.5 (semver) Affected: 5.3.0 , ≤ 5.3.7 (semver) cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T04:00:48.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.3",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.5",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.7",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of input during web page generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1\tand before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T14:54:35.895Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-216",
"url": "https://fortiguard.com/psirt/FG-IR-23-216"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.4.1 or above \nPlease upgrade to FortiADC version 7.2.2 or above \nPlease upgrade to FortiADC version 7.1.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-37933",
"datePublished": "2025-03-11T14:54:35.895Z",
"dateReserved": "2023-07-11T08:16:54.092Z",
"dateUpdated": "2025-03-12T04:00:48.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58412 (GCVE-0-2025-58412)
Vulnerability from nvd – Published: 2025-11-19 09:49 – Updated: 2025-11-20 16:36
VLAI?
Summary
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.
Severity ?
CWE
- CWE-80 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
8.0.0
Affected: 7.6.0 , ≤ 7.6.3 (semver) Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:55:21.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:36:14.427Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58412",
"datePublished": "2025-11-19T09:49:04.525Z",
"dateReserved": "2025-09-01T09:44:13.174Z",
"dateUpdated": "2025-11-20T16:36:14.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48839 (GCVE-0-2025-48839)
Vulnerability from nvd – Published: 2025-11-18 17:01 – Updated: 2025-11-19 04:55
VLAI?
Summary
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
Severity ?
CWE
- CWE-787 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
8.0.0
Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.4.0 , ≤ 7.4.7 (semver) Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.1.0 , ≤ 7.1.5 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:25.620Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.3 or above\nUpgrade to FortiADC version 7.4.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-48839",
"datePublished": "2025-11-18T17:01:25.620Z",
"dateReserved": "2025-05-27T08:00:40.714Z",
"dateUpdated": "2025-11-19T04:55:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54971 (GCVE-0-2025-54971)
Vulnerability from nvd – Published: 2025-11-18 17:01 – Updated: 2025-11-19 14:16
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product
Severity ?
CWE
- CWE-200 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.8 (semver) Affected: 7.1.0 , ≤ 7.1.5 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:16:46.116202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:16:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:17.182Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.6.0 or above\nUpgrade to FortiADC version 7.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54971",
"datePublished": "2025-11-18T17:01:17.182Z",
"dateReserved": "2025-08-04T08:14:35.421Z",
"dateUpdated": "2025-11-19T14:16:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59921 (GCVE-0-2025-59921)
Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2025-10-14 17:35
VLAI?
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.
Severity ?
CWE
- CWE-200 - Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.4.0
Affected: 7.2.0 , ≤ 7.2.3 (semver) Affected: 7.1.0 , ≤ 7.1.4 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T17:35:23.426428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T17:35:30.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.3",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:23:42.754Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-434",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-434"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.4.1 or above\nUpgrade to FortiADC version 7.2.4 or above\nUpgrade to FortiADC version 7.1.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-59921",
"datePublished": "2025-10-14T15:23:42.754Z",
"dateReserved": "2025-09-23T12:51:54.672Z",
"dateUpdated": "2025-10-14T17:35:30.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49813 (GCVE-0-2025-49813)
Vulnerability from nvd – Published: 2025-08-12 18:59 – Updated: 2025-08-13 15:04
VLAI?
Summary
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.2.0
Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:04:31.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS Command (\"OS Command Injection\") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:59:19.468Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-501",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-501"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.2.1 or above\nPlease upgrade to FortiADC version 7.1.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-49813",
"datePublished": "2025-08-12T18:59:19.468Z",
"dateReserved": "2025-06-11T13:46:02.438Z",
"dateUpdated": "2025-08-13T15:04:31.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31104 (GCVE-0-2025-31104)
Vulnerability from nvd – Published: 2025-06-10 16:36 – Updated: 2025-06-11 04:01
VLAI?
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
Severity ?
CWE
- CWE-78 - Execute unauthorized code or commands
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Affected:
7.6.0 , ≤ 7.6.1
(semver)
Affected: 7.4.0 , ≤ 7.4.6 (semver) Affected: 7.2.0 , ≤ 7.2.7 (semver) Affected: 7.1.0 , ≤ 7.1.4 (semver) Affected: 7.0.0 , ≤ 7.0.6 (semver) Affected: 6.2.0 , ≤ 6.2.6 (semver) Affected: 6.1.0 , ≤ 6.1.6 (semver) cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T04:01:45.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.6",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.4",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T16:36:13.131Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-099"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 8.0.0 or above \nPlease upgrade to FortiADC version 7.6.2 or above \nPlease upgrade to FortiADC version 7.4.7 or above \nPlease upgrade to FortiADC version 7.2.8 or above \nPlease upgrade to FortiADC version 7.1.5 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-31104",
"datePublished": "2025-06-10T16:36:13.131Z",
"dateReserved": "2025-03-26T14:23:51.630Z",
"dateUpdated": "2025-06-11T04:01:45.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1023
Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Fortinet indique que la vulnérabilité CVE-2025-58034 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | N/A | FortiExtender versions antérieures à 7.4.8 | ||
| Fortinet | FortiSASE | FortiSASE versions antérieures à 25.3.c | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.2.11 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.6 (à venir) | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.6.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 8.0.x antérieures à 8.0.2 | ||
| Fortinet | FortiADC | FortiADC versions 8.0.x antérieures à 8.0.1 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.6.4 | ||
| Fortinet | N/A | FortiExtender versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions à 4.4.8 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.6 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
"product": {
"name": "FortiSASE",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions \u00e0 4.4.8",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-46215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
},
{
"name": "CVE-2025-58412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
},
{
"name": "CVE-2025-54821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
},
{
"name": "CVE-2025-46776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
},
{
"name": "CVE-2025-46775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
},
{
"name": "CVE-2025-59669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
},
{
"name": "CVE-2025-54660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
},
{
"name": "CVE-2025-47761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
},
{
"name": "CVE-2025-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
},
{
"name": "CVE-2025-53843",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
},
{
"name": "CVE-2025-61713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
},
{
"name": "CVE-2025-54971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
},
{
"name": "CVE-2025-58692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
},
{
"name": "CVE-2025-54972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
},
{
"name": "CVE-2025-58413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
},
{
"name": "CVE-2025-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
},
{
"name": "CVE-2025-46373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
}
],
"initial_release_date": "2025-11-19T00:00:00",
"last_revision_date": "2025-11-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
}
]
}
CERTFR-2025-AVI-0871
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDLP | FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x et 7.0.x | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiTester | FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.0.7 à 6.0.12 | ||
| Fortinet | FortiClient | FortiClientMac toutes versions 7.0.x | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise toutes versions 7.3.x et 7.4.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiPAM | FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x | ||
| Fortinet | FortiSRA | FortiSRA versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiDLP | FortiDLP versions 12.2.x et antérieures à 12.2.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiNDR | FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiManager | FortiManager Cloud toutes versions 6.4.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiIsolator | FortiIsolator versions 2.4.x antérieures à 2.4.5 | ||
| Fortinet | FortiTester | FortiTester version 7.4 antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiIsolator | FortiIsolator toutes versions 2.3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud toutes versions 6.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x et 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud toutes versions 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester version 7.4 ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator toutes versions 2.3.x",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud toutes versions 6.4.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
},
{
"name": "CVE-2025-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
},
{
"name": "CVE-2025-31365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
},
{
"name": "CVE-2025-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
},
{
"name": "CVE-2025-54822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
},
{
"name": "CVE-2025-57741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
},
{
"name": "CVE-2025-58903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
},
{
"name": "CVE-2025-31514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
},
{
"name": "CVE-2025-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
},
{
"name": "CVE-2024-33507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
},
{
"name": "CVE-2025-25255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
},
{
"name": "CVE-2023-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
},
{
"name": "CVE-2025-47890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-26008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
},
{
"name": "CVE-2025-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
},
{
"name": "CVE-2024-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
},
{
"name": "CVE-2025-59921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
},
{
"name": "CVE-2025-53951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
},
{
"name": "CVE-2025-53950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
},
{
"name": "CVE-2025-58324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
},
{
"name": "CVE-2025-53845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
},
{
"name": "CVE-2024-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
},
{
"name": "CVE-2025-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
},
{
"name": "CVE-2025-31366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
},
{
"name": "CVE-2025-57716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
},
{
"name": "CVE-2024-47569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
},
{
"name": "CVE-2025-22258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
},
{
"name": "CVE-2025-57740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
},
{
"name": "CVE-2025-54973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
},
{
"name": "CVE-2025-54658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
}
]
}
CERTFR-2025-AVI-0679
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.1.x antérieures à 7.1.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.0.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.11 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.5.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.8 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiCamera | FortiCamera versions 2.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.4.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.2.10 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.7.10 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.0.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.6.x antérieures à 7.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions 2.1.x toutes versions",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
},
{
"name": "CVE-2025-47857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
},
{
"name": "CVE-2025-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
},
{
"name": "CVE-2024-48892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
},
{
"name": "CVE-2025-53744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
},
{
"name": "CVE-2024-52964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
},
{
"name": "CVE-2025-49813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
},
{
"name": "CVE-2025-25256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
},
{
"name": "CVE-2025-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
},
{
"name": "CVE-2025-27759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
},
{
"name": "CVE-2025-32932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
},
{
"name": "CVE-2024-26009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
},
{
"name": "CVE-2024-40588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
},
{
"name": "CVE-2023-45584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
}
]
}
CERTFR-2025-AVI-0496
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 7.2.x | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.1.x | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.2 | ||
| Fortinet | FortiADC | FortiADC toutes versions 7.0.x | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.4.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.2.x | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiOS | FortiOS toutes versions 7.0.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiClient | FortiClientEMS toutes versions 6.4.x | ||
| Fortinet | FortiOS | FortiOS toutes versions 7.2.x | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.3.x antérieures à 1.3.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.2 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 2.0.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.1.x | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 7.0.x | ||
| Fortinet | FortiADC | FortiADC versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.2.x antérieures à 1.2.1 | ||
| Fortinet | FortiClient | FortiClientEMS toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.0.x antérieures à 1.0.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.1.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 7.0.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.2.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS toutes versions 6.4.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 7.2.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.3.x ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.1.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.2.x ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS toutes versions 6.2.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.0.x ant\u00e9rieures \u00e0 1.0.4",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-32119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32119"
},
{
"name": "CVE-2023-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48786"
},
{
"name": "CVE-2024-50562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50562"
},
{
"name": "CVE-2025-22256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22256"
},
{
"name": "CVE-2023-29184",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29184"
},
{
"name": "CVE-2024-54019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54019"
},
{
"name": "CVE-2025-24471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24471"
},
{
"name": "CVE-2025-31104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31104"
},
{
"name": "CVE-2024-45329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45329"
},
{
"name": "CVE-2024-50568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50568"
},
{
"name": "CVE-2025-25250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25250"
},
{
"name": "CVE-2025-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22251"
},
{
"name": "CVE-2025-22254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22254"
},
{
"name": "CVE-2025-22862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22862"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0496",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-385",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-385"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-274",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-274"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-257",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-257"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-099",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-099"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-375",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-375"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-058",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-058"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-008",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-008"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-006",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-006"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-287",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-287"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-342",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-342"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-008",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-008"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-544",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-544"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-339",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-339"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-365",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-365"
}
]
}
CERTFR-2025-AVI-0197
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | N/A | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.6 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.16 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiIsolator versions 2.4.x antérieures à 2.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
},
{
"name": "CVE-2024-45328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
},
{
"name": "CVE-2024-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
},
{
"name": "CVE-2024-54018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
},
{
"name": "CVE-2024-54027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
},
{
"name": "CVE-2023-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
},
{
"name": "CVE-2023-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
},
{
"name": "CVE-2024-32123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
},
{
"name": "CVE-2024-55590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
},
{
"name": "CVE-2024-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
},
{
"name": "CVE-2023-40723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
},
{
"name": "CVE-2023-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
},
{
"name": "CVE-2024-55597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
},
{
"name": "CVE-2024-55592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
},
{
"name": "CVE-2024-33501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
},
{
"name": "CVE-2024-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
},
{
"name": "CVE-2024-45324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
},
{
"name": "CVE-2024-55594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0197",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
}
]
}