Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    154 vulnerabilities found for FortiMail by Fortinet

    CERTFR-2026-AVI-0575

    Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAP FortiAP-W2 versions antérieures à 7.4.5
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.4
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.5
    Fortinet FortiSandbox FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions
    Fortinet FortiSandbox FortiSandbox PaaS versions 4.4.x antérieures à 4.4.9
    Fortinet FortiAP FortiAP versions 7.6.x antérieures à 7.6.3
    Fortinet FortiAP FortiAP-U versions 7.0.x antérieures à 7.0.6
    Fortinet FortiDeceptor FortiDeceptor versions 5.x et 6.x antérieures à 6.1
    Fortinet FortiSandbox FortiSandbox Cloud 24 toutes versions
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.5
    Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.3
    Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.9
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.9
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.12
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox versions 5.x antérieures à 5.0.2
    Fortinet N/A FortiTokenAndroid versions antérieures à 6.4
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.5.x antérieures à 6.5.7
    Fortinet FortiManager FortiManager versions antérieures à 7.4.9
    Fortinet FortiSandbox FortiSandbox Cloud 23 toutes versions
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox Cloud versions 5.x antérieures à 5.0.6
    Fortinet FortiAuthenticator FortiAuthenticator versions 6.6.x antérieures à 6.6.9
    Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.4.9
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.9
    Fortinet FortiNDR FortiNDR versions 7.x antérieures à 7.4.10
    Fortinet FortiAP FortiAP versions antérieures à 7.4.6
    Fortinet FortiSandbox FortiSandbox PaaS versions 5.0.x antérieures à 5.0.2
    Fortinet FortiAuthenticator FortiAuthenticator versions 8.0.x antérieures à 8.0.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP-U versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDeceptor versions 5.x et 6.x ant\u00e9rieures \u00e0 6.1",
          "product": {
            "name": "FortiDeceptor",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 24 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiTokenAndroid versions ant\u00e9rieures \u00e0 6.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.5.x ant\u00e9rieures \u00e0 6.5.7",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud 23 toutes versions",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox Cloud versions 5.x ant\u00e9rieures \u00e0 5.0.6",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 6.6.x ant\u00e9rieures \u00e0 6.6.9",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.10",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAP versions ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiAP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAuthenticator versions 8.0.x ant\u00e9rieures \u00e0 8.0.3",
          "product": {
            "name": "FortiAuthenticator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-44279",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44279"
        },
        {
          "name": "CVE-2026-25690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25690"
        },
        {
          "name": "CVE-2026-44277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44277"
        },
        {
          "name": "CVE-2025-53844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53844"
        },
        {
          "name": "CVE-2025-53681",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53681"
        },
        {
          "name": "CVE-2026-26083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26083"
        },
        {
          "name": "CVE-2025-67604",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-67604"
        },
        {
          "name": "CVE-2026-44278",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44278"
        },
        {
          "name": "CVE-2025-53680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53680"
        },
        {
          "name": "CVE-2025-53870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53870"
        },
        {
          "name": "CVE-2026-25088",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25088"
        }
      ],
      "initial_release_date": "2026-05-13T00:00:00",
      "last_revision_date": "2026-05-13T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0575",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-05-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-137",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-137"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-133",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-133"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-138",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-138"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-130",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-130"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-134",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-134"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-136",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-136"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-123",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-129",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-129"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-128",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-128"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-132",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-132"
        },
        {
          "published_at": "2026-05-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-131",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-131"
        }
      ]
    }

    CERTFR-2026-AVI-0265

    Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

    Concernant la vulnérabilité CVE-2025-66178, l'éditeur fournit certaines recommandations dans l'attente de la version correctrice.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiClient FortiClientLinux versions 7.4.x antérieures à 7.4.5
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.6.x antérieures à 7.6.1
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.5
    Fortinet FortiClient FortiClientLinux versions antérieures à 7.2.13
    Fortinet FortiSandbox FortiSandbox versions antérieures à 4.4.8
    Fortinet FortiManager FortiManager versions antérieures à 7.6.5
    Fortinet FortiManager FortiManager Cloud versions antérieures à 7.6.5
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.3
    Fortinet FortiDeceptor FortiDeceptor toutes versions antérieures à 6.2.1
    Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.1
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.6.5
    Fortinet FortiSOAR FortiSOAR Agent Communication Bridge versions antérieures à 1.1.1
    Fortinet FortiWeb FortiWeb versions antérieures à 7.6.7
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.7
    Fortinet FortiSIEM FortiSIEM versions 7.4.x antérieures à 7.4.1
    Fortinet FortiSIEM FortiSIEM versions 7.3.x antérieures à 7.3.5
    Fortinet FortiWeb FortiWeb versions 8.0.x antérieures à 8.0.4
    Fortinet FortiRecorder FortiRecorder toutes versions antérieures à 7.2.4
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions antérieures à 7.4.5
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.8
    Fortinet FortiSwitch FortiSwitchAXFixed versions 1.0.x antérieures à 1.0.2
    Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.6.5
    Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.9
    References
    Bulletin de sécurité Fortinet FG-IR-26-078 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-096 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-098 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-080 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-088 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-094 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-092 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-090 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-081 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-095 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-093 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-083 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-087 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-079 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-086 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-077 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-082 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-097 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-085 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-091 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-089 2026-03-10 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-26-084 2026-03-10 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
          "product": {
            "name": "FortiDeceptor",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2026-30897",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
        },
        {
          "name": "CVE-2025-53608",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
        },
        {
          "name": "CVE-2026-24017",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
        },
        {
          "name": "CVE-2025-68648",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
        },
        {
          "name": "CVE-2026-24640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
        },
        {
          "name": "CVE-2026-22572",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
        },
        {
          "name": "CVE-2025-48418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
        },
        {
          "name": "CVE-2025-48840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
        },
        {
          "name": "CVE-2026-24641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
        },
        {
          "name": "CVE-2026-22627",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
        },
        {
          "name": "CVE-2025-55717",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
        },
        {
          "name": "CVE-2026-24018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
        },
        {
          "name": "CVE-2025-54820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
        },
        {
          "name": "CVE-2025-49784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
        },
        {
          "name": "CVE-2026-22629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
        },
        {
          "name": "CVE-2025-66178",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
        },
        {
          "name": "CVE-2026-25689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
        },
        {
          "name": "CVE-2026-25972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
        },
        {
          "name": "CVE-2025-54659",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
        },
        {
          "name": "CVE-2025-68482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
        },
        {
          "name": "CVE-2026-22628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
        },
        {
          "name": "CVE-2026-25836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
        }
      ],
      "initial_release_date": "2026-03-11T00:00:00",
      "last_revision_date": "2026-03-11T00:00:00",
      "links": [],
      "reference": "CERTFR-2026-AVI-0265",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2026-03-11T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
        },
        {
          "published_at": "2026-03-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
          "url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
        }
      ]
    }

    CERTFR-2025-AVI-1023

    Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

    Fortinet indique que la vulnérabilité CVE-2025-58034 est activement exploitée.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.8
    Fortinet FortiOS FortiOS versions antérieures à 7.6.4
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.4
    Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.3
    Fortinet N/A FortiExtender versions antérieures à 7.4.8
    Fortinet FortiSASE FortiSASE versions antérieures à 25.3.c
    Fortinet FortiClient FortiClientWindows versions antérieures à 7.2.11
    Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.4
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.8
    Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.2
    Fortinet FortiMail FortiMail versions antérieures à 7.4.6 (à venir)
    Fortinet FortiPAM FortiPAM versions antérieures à 1.6.1
    Fortinet FortiADC FortiADC versions 7.6.x antérieures à 7.6.4
    Fortinet FortiWeb FortiWeb versions 8.0.x antérieures à 8.0.2
    Fortinet FortiADC FortiADC versions 8.0.x antérieures à 8.0.1
    Fortinet FortiProxy FortiProxy versions antérieures à 7.6.4
    Fortinet N/A FortiExtender versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSandbox FortiSandbox versions à 4.4.8
    Fortinet FortiWeb FortiWeb versions antérieures à 7.6.6
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
          "product": {
            "name": "FortiSASE",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions \u00e0 4.4.8",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-46215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
        },
        {
          "name": "CVE-2025-58412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
        },
        {
          "name": "CVE-2025-54821",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
        },
        {
          "name": "CVE-2025-46776",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
        },
        {
          "name": "CVE-2025-46775",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
        },
        {
          "name": "CVE-2025-59669",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
        },
        {
          "name": "CVE-2025-54660",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
        },
        {
          "name": "CVE-2025-47761",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
        },
        {
          "name": "CVE-2025-48839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
        },
        {
          "name": "CVE-2025-53843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
        },
        {
          "name": "CVE-2025-61713",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
        },
        {
          "name": "CVE-2025-54971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
        },
        {
          "name": "CVE-2025-58692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
        },
        {
          "name": "CVE-2025-54972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
        },
        {
          "name": "CVE-2025-58413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
        },
        {
          "name": "CVE-2025-58034",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
        },
        {
          "name": "CVE-2025-46373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
        }
      ],
      "initial_release_date": "2025-11-19T00:00:00",
      "last_revision_date": "2025-11-19T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1023",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Injection SQL (SQLi)"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
        },
        {
          "published_at": "2025-11-18",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
        }
      ]
    }

    CERTFR-2025-AVI-0871

    Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiDLP FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
    Fortinet FortiADC FortiADC toutes versions 6.2.x et 7.0.x
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
    Fortinet FortiTester FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
    Fortinet FortiVoice FortiVoice versions 6.0.7 à 6.0.12
    Fortinet FortiClient FortiClientMac toutes versions 7.0.x
    Fortinet FortiSOAR FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
    Fortinet FortiSIEM FortiSIEM versions 7.2.x antérieures à 7.2.3
    Fortinet FortiPAM FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
    Fortinet FortiSRA FortiSRA versions 1.5.x antérieures à 1.5.1
    Fortinet FortiWeb FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
    Fortinet FortiDLP FortiDLP versions 12.2.x et antérieures à 12.2.3
    Fortinet FortiManager FortiManager Cloud versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
    Fortinet FortiNDR FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
    Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.4
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
    Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.10
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.7
    Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.12
    Fortinet FortiManager FortiManager Cloud toutes versions 6.4.x
    Fortinet FortiPAM FortiPAM versions 1.4.x antérieures à 1.4.3
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
    Fortinet FortiPAM FortiPAM versions 1.5.x antérieures à 1.5.1
    Fortinet FortiSIEM FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.7
    Fortinet FortiSRA FortiSRA versions 1.4.x antérieures à 1.4.3
    Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.5
    Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
    Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
    Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.4
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.4
    Fortinet FortiClient FortiClientWindows toutes versions 7.0.x
    Fortinet FortiIsolator FortiIsolator versions 2.4.x antérieures à 2.4.5
    Fortinet FortiTester FortiTester version 7.4 antérieures à 7.4.3
    Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.10
    Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
    Fortinet FortiOS FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
    Fortinet FortiIsolator FortiIsolator toutes versions 2.3.x
    Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.5
    Fortinet FortiProxy FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
    Fortinet FortiAnalyzer FortiAnalyzer Cloud toutes versions 6.4.x
    Fortinet FortiAnalyzer FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
    Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
    Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.14
    Fortinet FortiManager FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
    Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.1
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.2
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
    Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.1
    Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.9
    Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.4
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.3
    Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
    Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.4
    Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
    Fortinet FortiClient FortiClientMac versions 7.2.x antérieures à 7.2.12
    Fortinet FortiSOAR FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2
    References
    Bulletin de sécurité Fortinet FG-IR-24-372 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-412 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-228 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-280 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-685 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-452 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-487 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-639 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-037 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-684 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-23-354 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-041 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-198 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-160 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-361 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-861 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-542 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-771 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-010 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-378 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-442 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-664 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-756 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-126 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-628 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-457 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-062 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-24-546 2025-10-14 vendor-advisory
    Bulletin de sécurité Fortinet FG-IR-25-653 2025-10-14 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
          "product": {
            "name": "FortiDLP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC toutes versions 6.2.x et 7.0.x",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
          "product": {
            "name": "FortiTester",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientMac toutes versions 7.0.x",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
          "product": {
            "name": "FortiSRA",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
          "product": {
            "name": "FortiDLP",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud toutes versions 6.4.x",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
          "product": {
            "name": "FortiSRA",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows toutes versions 7.0.x",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
          "product": {
            "name": "FortiIsolator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
          "product": {
            "name": "FortiTester",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiIsolator toutes versions 2.3.x",
          "product": {
            "name": "FortiIsolator",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-58325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
        },
        {
          "name": "CVE-2025-46752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
        },
        {
          "name": "CVE-2025-31365",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
        },
        {
          "name": "CVE-2025-49201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
        },
        {
          "name": "CVE-2025-54822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
        },
        {
          "name": "CVE-2025-57741",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
        },
        {
          "name": "CVE-2025-58903",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
        },
        {
          "name": "CVE-2025-31514",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
        },
        {
          "name": "CVE-2025-25253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
        },
        {
          "name": "CVE-2024-33507",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
        },
        {
          "name": "CVE-2025-25255",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
        },
        {
          "name": "CVE-2023-46718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
        },
        {
          "name": "CVE-2025-47890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
        },
        {
          "name": "CVE-2025-54988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
        },
        {
          "name": "CVE-2024-26008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
        },
        {
          "name": "CVE-2025-25252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
        },
        {
          "name": "CVE-2024-48891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
        },
        {
          "name": "CVE-2025-59921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
        },
        {
          "name": "CVE-2025-53951",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
        },
        {
          "name": "CVE-2025-53950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
        },
        {
          "name": "CVE-2025-58324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
        },
        {
          "name": "CVE-2025-53845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
        },
        {
          "name": "CVE-2024-50571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
        },
        {
          "name": "CVE-2025-46774",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
        },
        {
          "name": "CVE-2025-31366",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
        },
        {
          "name": "CVE-2025-57716",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
        },
        {
          "name": "CVE-2024-47569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
        },
        {
          "name": "CVE-2025-22258",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
        },
        {
          "name": "CVE-2025-57740",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
        },
        {
          "name": "CVE-2025-54973",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
        },
        {
          "name": "CVE-2025-54658",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
        }
      ],
      "initial_release_date": "2025-10-15T00:00:00",
      "last_revision_date": "2025-10-15T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0871",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-10-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
        },
        {
          "published_at": "2025-10-14",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
        }
      ]
    }

    CERTFR-2025-AVI-0679

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

    Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.3
    Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
    Fortinet FortiMail FortiMail versions antérieures à 7.4.4
    Fortinet FortiSIEM FortiSIEM versions 7.1.x antérieures à 7.1.8
    Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
    Fortinet FortiManager FortiManager versions antérieures à 7.0.14
    Fortinet FortiNDR FortiNDR versions antérieures à 7.4.7
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
    Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.7
    Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.4
    Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.10
    Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.11
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
    Fortinet FortiSOAR FortiSOAR versions antérieures à 7.5.2
    Fortinet FortiOS FortiOS versions antérieures à 7.4.8
    Fortinet FortiPAM FortiPAM versions 1.5.x antérieures à 1.5.1
    Fortinet FortiCamera FortiCamera versions 2.1.x toutes versions
    Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.11
    Fortinet FortiPAM FortiPAM versions antérieures à 1.4.3
    Fortinet FortiSwitchManager FortiSwitchManager versions 7.2.x antérieures à 7.2.4
    Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.9
    Fortinet FortiManager FortiManager Cloud versions antérieures à 7.2.10
    Fortinet FortiSwitchManager FortiSwitchManager versions 7.0.x antérieures à 7.0.4
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.2
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.3
    Fortinet FortiSIEM FortiSIEM versions 7.3.x antérieures à 7.3.2
    Fortinet FortiSIEM FortiSIEM versions 7.2.x antérieures à 7.2.6
    Fortinet FortiSIEM FortiSIEM versions antérieures à 6.7.10
    Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.1
    Fortinet FortiSIEM FortiSIEM versions 7.0.x antérieures à 7.0.4
    Fortinet FortiCamera FortiCamera versions antérieures à 2.0.1
    Fortinet FortiManager FortiManager Cloud versions 7.4.x antérieures à 7.4.6
    Fortinet FortiProxy FortiProxy versions antérieures à 7.4.4
    Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
    Fortinet FortiADC FortiADC versions antérieures à 7.1.2
    Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
    Fortinet FortiSOAR FortiSOAR versions 7.6.x antérieures à 7.6.2
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiCamera versions 2.1.x toutes versions",
          "product": {
            "name": "FortiCamera",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiSwitchManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
          "product": {
            "name": "FortiSwitchManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
          "product": {
            "name": "FortiCamera",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiSOAR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-25248",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
        },
        {
          "name": "CVE-2025-47857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
        },
        {
          "name": "CVE-2025-32766",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
        },
        {
          "name": "CVE-2024-48892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
        },
        {
          "name": "CVE-2025-53744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
        },
        {
          "name": "CVE-2024-52964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
        },
        {
          "name": "CVE-2025-49813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
        },
        {
          "name": "CVE-2025-25256",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
        },
        {
          "name": "CVE-2025-52970",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
        },
        {
          "name": "CVE-2025-27759",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
        },
        {
          "name": "CVE-2025-32932",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
        },
        {
          "name": "CVE-2024-26009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
        },
        {
          "name": "CVE-2024-40588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
        },
        {
          "name": "CVE-2023-45584",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0679",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-08-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
        },
        {
          "published_at": "2025-08-12",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
        }
      ]
    }

    CERTFR-2025-AVI-0399

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.3
    Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.10
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.5
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.7
    Fortinet FortiNDR FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
    Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.2
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.3
    Fortinet FortiClientEMS FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
    Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.6
    Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.8
    Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.1
    Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.4
    Fortinet FortiNDR FortiNDR versions antérieures à 7.0.7
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.8
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.2
    Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.7
    Fortinet FortiClient FortiClientMac versions 7.x antérieures à 7.2.9
    Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.6
    Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.2
    Fortinet FortiCamera FortiCamera versions antérieures à 2.1.4
    Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.2
    Fortinet FortiClientEMS FortiClientEMS versions 7.4.x antérieures à 7.4.3
    Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
    Fortinet FortiOS FortiOS versions antérieures à 7.0.15
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.8
    Fortinet FortiVoice FortiVoiceUCDesktop versions antérieures à 7.0
    Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.11
    Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.8
    Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.9
    Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.6
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiClient",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
          "product": {
            "name": "FortiCamera",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
          "product": {
            "name": "FortiClientEMS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiSwitch",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiPortal",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-25251",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
        },
        {
          "name": "CVE-2025-47294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
        },
        {
          "name": "CVE-2025-24473",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
        },
        {
          "name": "CVE-2024-54020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
        },
        {
          "name": "CVE-2025-46777",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
        },
        {
          "name": "CVE-2024-35281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
        },
        {
          "name": "CVE-2025-32756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
        },
        {
          "name": "CVE-2025-22252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
        },
        {
          "name": "CVE-2025-47295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
        },
        {
          "name": "CVE-2025-22859",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0399",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
        },
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
        }
      ]
    }

    CERTFR-2025-AVI-0259

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiDDoS FortiDDoS versions antérieures à 5.4.3
    Fortinet FortiDDoS-CM FortiDDOS-CM versions antérieures à 5.4.1
    Fortinet FortiMail FortiMail versions 6.4.x antérieures à 6.4.2
    Fortinet FortiVoice FortiVoice versions antérieures à 6.0.7
    Fortinet FortiMail FortiMail versions 6.2.x antérieures à 6.2.5
    Fortinet FortiRecorder FortiRecorder versions antérieures à 6.0.4
    Fortinet FortiMail FortiMail versions antérieures à 6.0.10
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.4.3",
          "product": {
            "name": "FortiDDoS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiDDOS-CM versions ant\u00e9rieures \u00e0 5.4.1",
          "product": {
            "name": "FortiDDoS-CM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.0.7",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.4",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions ant\u00e9rieures \u00e0 6.0.10",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2021-24008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-24008"
        },
        {
          "name": "CVE-2020-15933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-15933"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0259",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-04-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-03-28",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-105",
          "url": "https://www.fortiguard.com/psirt/FG-IR-20-105"
        }
      ]
    }

    CERTFR-2025-AVI-0197

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Fortinet FortiMail FortiMail versions antérieures à 7.4.4
    Fortinet FortiNDR FortiNDR versions 7.1.x antérieures à 7.1.2
    Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
    Fortinet FortiADC FortiADC versions antérieures à 7.1.4
    Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.2.6
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions antérieures à 7.2.8
    Fortinet FortiManager FortiManager versions antérieures à 7.2.6
    Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.4
    Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.20
    Fortinet N/A FortiSRA versions 1.4.x antérieures à 1.4.3
    Fortinet FortiSIEM FortiSIEM versions antérieures à 7.3
    Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
    Fortinet FortiPAM FortiPAM versions antérieures à 1.3.2
    Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.13
    Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.7
    Fortinet FortiPAM FortiPAM versions 1.4.x antérieures à 1.4.3
    Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.1
    Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.4
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.2
    Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.1
    Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
    Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.16
    Fortinet FortiNDR FortiNDR versions antérieures à 7.0.6
    Fortinet FortiNDR FortiNDR versions 7.2.x antérieures à 7.2.2
    Fortinet FortiWeb FortiWeb versions antérieures à 7.6.1
    Fortinet FortiOS FortiOS versions antérieures à 6.4.16
    Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.2
    Fortinet N/A FortiIsolator versions 2.4.x antérieures à 2.4.6
    Fortinet FortiSandbox FortiSandbox versions 5.0.x antérieures à 5.0.1
    Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.1
    Fortinet FortiSandbox FortiSandbox versions antérieures à 4.4.7
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiManager",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
          "product": {
            "name": "FortiSIEM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
          "product": {
            "name": "FortiPAM",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiProxy",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
          "product": {
            "name": "FortiAnalyzer",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiWeb",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
          "product": {
            "name": "FortiOS",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
          "product": {
            "name": "FortiADC",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
          "product": {
            "name": "FortiSandbox",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-54026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
        },
        {
          "name": "CVE-2024-45328",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
        },
        {
          "name": "CVE-2024-46663",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
        },
        {
          "name": "CVE-2024-54018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
        },
        {
          "name": "CVE-2024-54027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
        },
        {
          "name": "CVE-2023-42784",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
        },
        {
          "name": "CVE-2023-48790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
        },
        {
          "name": "CVE-2024-32123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
        },
        {
          "name": "CVE-2024-55590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
        },
        {
          "name": "CVE-2024-52960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
        },
        {
          "name": "CVE-2023-40723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
        },
        {
          "name": "CVE-2023-37933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
        },
        {
          "name": "CVE-2024-55597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
        },
        {
          "name": "CVE-2024-55592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
        },
        {
          "name": "CVE-2024-33501",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
        },
        {
          "name": "CVE-2024-52961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
        },
        {
          "name": "CVE-2024-45324",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
        },
        {
          "name": "CVE-2024-55594",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
        }
      ],
      "links": [],
      "reference": "CERTFR-2025-AVI-0197",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-12T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
          "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
        },
        {
          "published_at": "2025-03-11",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
          "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
        }
      ]
    }

    CVE-2025-53681 (GCVE-0-2025-53681)

    Vulnerability from nvd – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:48
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:26.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection\u0026\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:48:43.347Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above\nUpgrade to FortiMail version 7.2.9 or above\nFortinet remediated this issue in FortiMail Cloud version 25.2 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53681",
        "datePublished": "2026-05-12T16:54:11.052Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-07-08T12:48:43.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55717 (GCVE-0-2025-55717)

    Vulnerability from nvd – Published: 2026-03-10 16:44 – Updated: 2026-03-10 20:32
    VLAI
    Summary
    A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiVoice Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.6 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:29:35.564450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:32:47.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.6",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:08.324Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above\nUpgrade to FortiRecorder version 7.2.4 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-55717",
        "datePublished": "2026-03-10T16:44:08.324Z",
        "dateReserved": "2025-08-14T12:37:31.087Z",
        "dateUpdated": "2026-03-10T20:32:47.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54972 (GCVE-0-2025-54972)

    Vulnerability from nvd – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:15
    VLAI
    Summary
    An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T14:27:05.795266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T14:27:11.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of crlf sequences (\u0027crlf injection\u0027) vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:15:54.810Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiMail version 8.0.0 or above\nUpgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-54972",
        "datePublished": "2025-11-18T17:01:15.406Z",
        "dateReserved": "2025-08-04T08:14:35.422Z",
        "dateUpdated": "2026-01-14T09:15:54.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-47569 (GCVE-0-2024-47569)

    Vulnerability from nvd – Published: 2025-10-14 15:23 – Updated: 2026-02-10 07:22
    VLAI
    Summary
    A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiManager Cloud Affected: 7.4.1 , ≤ 7.4.3 (semver)
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiTester Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.3.0 , ≤ 7.3.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0
    Affected: 4.2.0 , ≤ 4.2.1 (semver)
        cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.1 , ≤ 7.4.3 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiWeb Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)
    Affected: 6.4.0 , ≤ 6.4.3 (semver)
        cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.0 , ≤ 6.4.9 (semver)
    Affected: 6.0.7 , ≤ 6.0.12 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T15:31:45.922521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T15:31:53.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiTester",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "lessThanOrEqual": "4.2.1",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.3",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.12",
                  "status": "affected",
                  "version": "6.0.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T07:22:21.025Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiTester version 7.6.0 or above\nUpgrade to FortiTester version 7.4.3 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.9 or above\nUpgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.0 or above\nFortinet remediated this issue in FortiSASE version 24.3.b and hence customers do not need to perform any action.\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.9 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiProxy version 7.4.5 or above\nUpgrade to FortiProxy version 7.2.11 or above\nUpgrade to FortiMail version 7.6.0 or above\nUpgrade to FortiMail version 7.4.3 or above\nUpgrade to FortiMail version 7.2.7 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.5 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-47569",
        "datePublished": "2025-10-14T15:23:03.965Z",
        "dateReserved": "2024-09-27T16:19:24.136Z",
        "dateUpdated": "2026-02-10T07:22:21.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40588 (GCVE-0-2024-40588)

    Vulnerability from nvd – Published: 2025-08-12 18:59 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiCamera Affected: 2.1.0 , ≤ 2.1.4 (semver)
    Affected: 2.0.0
    Affected: 1.1.0 , ≤ 1.1.5 (semver)
    Affected: 1.0.3 , ≤ 1.0.5 (semver)
        cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.0 , ≤ 6.4.6 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 6.4.0 , ≤ 6.4.9 (semver)
    Affected: 6.0.0 , ≤ 6.0.12 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:38:50.113803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:39:38.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiCamera",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.4",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.5",
                  "status": "affected",
                  "version": "1.0.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.8",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.6",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.12",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:11.543Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiCamera version 2.0.1 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.7 or above\nUpgrade to FortiMail version 7.6.2 or above\nUpgrade to FortiMail version 7.4.4 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiFone version 3.0.24 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-40588",
        "datePublished": "2025-08-12T18:59:11.807Z",
        "dateReserved": "2024-07-05T11:55:50.010Z",
        "dateUpdated": "2026-01-14T09:17:11.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32756 (GCVE-0-2025-32756)

    Vulnerability from nvd – Published: 2025-05-13 14:46 – Updated: 2026-02-26 18:28
    VLAI CISA KEVIntel
    Summary
    A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiCamera Affected: 2.1.0 , ≤ 2.1.3 (semver)
    Affected: 2.0.0
    Affected: 1.1.0 , ≤ 1.1.5 (semver)
        cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
    Affected: 6.4.0 , ≤ 6.4.5 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32756",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-15T04:01:18.017087Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-05-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:36.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-05-14T00:00:00.000Z",
                "value": "CVE-2025-32756 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiCamera",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.3",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T12:54:22.845Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.8 or above\nUpgrade to FortiNDR version 7.2.5 or above\nUpgrade to FortiNDR version 7.0.7 or above\nUpgrade to FortiCamera version 2.1.4 or above\nUpgrade to FortiRecorder version 7.2.4 or above\nUpgrade to FortiRecorder version 7.0.6 or above\nUpgrade to FortiRecorder version 6.4.6 or above\nUpgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiVoice version 6.4.11 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-32756",
        "datePublished": "2025-05-13T14:46:44.208Z",
        "dateReserved": "2025-04-10T08:12:12.347Z",
        "dateUpdated": "2026-02-26T18:28:36.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33302 (GCVE-0-2023-33302)

    Vulnerability from nvd – Published: 2025-03-31 14:58 – Updated: 2025-03-31 15:30
    VLAI
    Summary
    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.2.0
    Affected: 7.1.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
    Create a notification for this product.
    Fortinet FortiMail Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.0 , ≤ 6.2.6 (semver)
    Affected: 6.0.0 , ≤ 6.0.10 (semver)
    Affected: 5.4.0 , ≤ 5.4.12 (semver)
    Affected: 5.3.12 , ≤ 5.3.13 (semver)
    Affected: 5.3.0 , ≤ 5.3.10 (semver)
    Affected: 5.2.0 , ≤ 5.2.10 (semver)
    Affected: 5.1.0 , ≤ 5.1.7 (semver)
    Affected: 5.0.0 , ≤ 5.0.11 (semver)
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T15:28:51.596601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T15:30:12.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.10",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.12",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.13",
                  "status": "affected",
                  "version": "5.3.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.10",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.10",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.1.7",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet  FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T14:58:11.960Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33302",
        "datePublished": "2025-03-31T14:58:11.960Z",
        "dateReserved": "2023-05-22T07:58:22.197Z",
        "dateUpdated": "2025-03-31T15:30:12.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24008 (GCVE-0-2021-24008)

    Vulnerability from nvd – Published: 2025-03-28 10:13 – Updated: 2025-03-28 13:39
    VLAI
    Summary
    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiDDoS Affected: 5.4.0
    Affected: 5.3.0 , ≤ 5.3.2 (semver)
    Affected: 5.2.0
    Affected: 5.1.0
    Affected: 5.0.0
    Affected: 4.7.0
    Affected: 4.6.0
    Affected: 4.5.0
    Affected: 4.4.0 , ≤ 4.4.2 (semver)
        cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
    Create a notification for this product.
    Fortinet FortiDDoS-CM Affected: 5.3.0
    Affected: 5.2.0
    Affected: 5.1.0
    Affected: 5.0.0
    Affected: 4.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T13:38:44.887350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T13:39:11.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiDDoS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.4.0"
                },
                {
                  "lessThanOrEqual": "5.3.2",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.7.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.5.0"
                },
                {
                  "lessThanOrEqual": "4.4.2",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiDDoS-CM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-28T10:13:32.120Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail versions 6.0.10 or above.\n\r\nPlease upgrade to FortiMail versions 6.2.5 or above.\n\r\nPlease upgrade to FortiMail versions 6.4.2 or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-24008",
        "datePublished": "2025-03-28T10:13:32.120Z",
        "dateReserved": "2021-01-13T21:23:47.335Z",
        "dateUpdated": "2025-03-28T13:39:11.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26091 (GCVE-0-2021-26091)

    Vulnerability from nvd – Published: 2025-03-24 15:37 – Updated: 2025-03-31 18:11
    VLAI
    Summary
    A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , < 6.2.* (semver)
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T18:11:46.513539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T18:11:58.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.2.*",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-24T15:37:58.370Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-031",
              "url": "https://fortiguard.com/advisory/FG-IR-21-031"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-26091",
        "datePublished": "2025-03-24T15:37:58.370Z",
        "dateReserved": "2021-01-25T14:47:15.092Z",
        "dateUpdated": "2025-03-31T18:11:58.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47539 (GCVE-0-2023-47539)

    Vulnerability from nvd – Published: 2025-03-18 13:56 – Updated: 2026-02-26 19:09
    VLAI
    Summary
    An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.4.0
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-19T03:55:50.452939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:24.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T13:56:56.681Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-439",
              "url": "https://fortiguard.com/psirt/FG-IR-23-439"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.4.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-47539",
        "datePublished": "2025-03-18T13:56:56.681Z",
        "dateReserved": "2023-11-06T10:35:25.828Z",
        "dateUpdated": "2026-02-26T19:09:24.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-46663 (GCVE-0-2024-46663)

    Vulnerability from nvd – Published: 2025-03-11 14:54 – Updated: 2026-02-26 19:09
    VLAI
    Summary
    A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Escalation of privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
    Affected: 6.4.0 , ≤ 6.4.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-46663",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T04:00:59.848767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:41.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.8",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Escalation of privilege",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T14:54:31.928Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-331"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.6.2 or above \nPlease upgrade to FortiMail version 7.4.4 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-46663",
        "datePublished": "2025-03-11T14:54:31.928Z",
        "dateReserved": "2024-09-11T12:14:59.204Z",
        "dateUpdated": "2026-02-26T19:09:41.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53681 (GCVE-0-2025-53681)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:54 – Updated: 2026-07-08 12:48
    VLAI
    Summary
    An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-12T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T03:58:26.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of special elements used in an SQL Command (\"SQL Injection\u0026\") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T12:48:43.347Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-132"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above\nUpgrade to FortiMail version 7.2.9 or above\nFortinet remediated this issue in FortiMail Cloud version 25.2 and hence customers do not need to perform any action."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-53681",
        "datePublished": "2026-05-12T16:54:11.052Z",
        "dateReserved": "2025-07-08T09:23:05.011Z",
        "dateUpdated": "2026-07-08T12:48:43.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55717 (GCVE-0-2025-55717)

    Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-10 20:32
    VLAI
    Summary
    A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiVoice Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.6 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:29:35.564450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:32:47.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.6",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user\u0027s secrets via CLI commands. Practical exploitability is limited by conditions out of the control of the attacker: An admin must log in to the targeted device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-10T16:44:08.324Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-080"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above\nUpgrade to FortiRecorder version 7.2.4 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-55717",
        "datePublished": "2026-03-10T16:44:08.324Z",
        "dateReserved": "2025-08-14T12:37:31.087Z",
        "dateUpdated": "2026-03-10T20:32:47.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54972 (GCVE-0-2025-54972)

    Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:15
    VLAI
    Summary
    An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-93 - Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.3 (semver)
    Affected: 7.4.0 , ≤ 7.4.5 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T14:27:05.795266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T14:27:11.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.3",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.5",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper neutralization of crlf sequences (\u0027crlf injection\u0027) vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-93",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:15:54.810Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-634"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiMail version 8.0.0 or above\nUpgrade to FortiMail version 7.6.4 or above\nUpgrade to FortiMail version 7.4.6 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-54972",
        "datePublished": "2025-11-18T17:01:15.406Z",
        "dateReserved": "2025-08-04T08:14:35.422Z",
        "dateUpdated": "2026-01-14T09:15:54.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-47569 (GCVE-0-2024-47569)

    Vulnerability from cvelistv5 – Published: 2025-10-14 15:23 – Updated: 2026-02-10 07:22
    VLAI
    Summary
    A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiManager Cloud Affected: 7.4.1 , ≤ 7.4.3 (semver)
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiTester Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.3.0 , ≤ 7.3.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0
    Affected: 4.2.0 , ≤ 4.2.1 (semver)
        cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.8 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiManager Affected: 7.4.1 , ≤ 7.4.3 (semver)
        cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiPAM Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0 , ≤ 1.1.2 (semver)
    Affected: 1.0.0 , ≤ 1.0.3 (semver)
        cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiOS Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.8 (semver)
    Affected: 7.0.0 , ≤ 7.0.15 (semver)
    Affected: 6.4.0 , ≤ 6.4.15 (semver)
        cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiProxy Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.10 (semver)
    Affected: 7.0.0 , ≤ 7.0.23 (semver)
        cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.4.0 , ≤ 7.4.2 (semver)
    Affected: 7.2.0 , ≤ 7.2.6 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiWeb Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.12 (semver)
    Affected: 7.0.0 , ≤ 7.0.12 (semver)
    Affected: 6.4.0 , ≤ 6.4.3 (semver)
        cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.0 , ≤ 6.4.9 (semver)
    Affected: 6.0.7 , ≤ 6.0.12 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-16T15:31:45.922521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-16T15:31:53.740Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager Cloud",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortitester:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiTester",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.3.2",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "lessThanOrEqual": "4.2.1",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.8",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiManager",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiPAM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "lessThanOrEqual": "1.1.2",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiOS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.8",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.15",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.15",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiProxy",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.10",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.23",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.4.2",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.6",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiWeb",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.12",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.3",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.12",
                  "status": "affected",
                  "version": "6.0.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiNDR 1.5 all versions, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.4, FortiProxy 7.2.0 through 7.2.10, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiTester 7.4.0 through 7.4.2, FortiTester 7.3 all versions, FortiTester 7.2 all versions, FortiTester 7.1 all versions, FortiTester 7.0 all versions, FortiTester 4.2 all versions, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0.7 through 6.0.12, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to disclose sensitive information via specially crafted packets."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-10T07:22:21.025Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-228"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiManager Cloud version 7.4.4 or above\nUpgrade to FortiTester version 7.6.0 or above\nUpgrade to FortiTester version 7.4.3 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.9 or above\nUpgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.4 or above\nUpgrade to FortiPAM version 1.5.0 or above\nUpgrade to FortiPAM version 1.4.0 or above\nFortinet remediated this issue in FortiSASE version 24.3.b and hence customers do not need to perform any action.\nUpgrade to FortiOS version 7.6.1 or above\nUpgrade to FortiOS version 7.4.5 or above\nUpgrade to FortiOS version 7.2.9 or above\nUpgrade to FortiOS version 7.0.16 or above\nUpgrade to FortiOS version 6.4.16 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiProxy version 7.4.5 or above\nUpgrade to FortiProxy version 7.2.11 or above\nUpgrade to FortiMail version 7.6.0 or above\nUpgrade to FortiMail version 7.4.3 or above\nUpgrade to FortiMail version 7.2.7 or above\nUpgrade to FortiWeb version 7.6.1 or above\nUpgrade to FortiWeb version 7.4.5 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-47569",
        "datePublished": "2025-10-14T15:23:03.965Z",
        "dateReserved": "2024-09-27T16:19:24.136Z",
        "dateUpdated": "2026-02-10T07:22:21.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40588 (GCVE-0-2024-40588)

    Vulnerability from cvelistv5 – Published: 2025-08-12 18:59 – Updated: 2026-01-14 09:17
    VLAI
    Summary
    Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiCamera Affected: 2.1.0 , ≤ 2.1.4 (semver)
    Affected: 2.0.0
    Affected: 1.1.0 , ≤ 1.1.5 (semver)
    Affected: 1.0.3 , ≤ 1.0.5 (semver)
        cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.6 (semver)
    Affected: 7.2.0 , ≤ 7.2.5 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.7 (semver)
        cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.1 (semver)
    Affected: 7.4.0 , ≤ 7.4.3 (semver)
    Affected: 7.2.0 , ≤ 7.2.9 (semver)
    Affected: 7.0.0 , ≤ 7.0.9 (semver)
    Affected: 6.4.0 , ≤ 6.4.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.4 (semver)
    Affected: 6.4.0 , ≤ 6.4.6 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.0.0 , ≤ 7.0.3 (semver)
    Affected: 6.4.0 , ≤ 6.4.9 (semver)
    Affected: 6.0.0 , ≤ 6.0.12 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T19:38:50.113803Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T19:39:38.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticamera:2.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiCamera",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.4",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.0.5",
                  "status": "affected",
                  "version": "1.0.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.6",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.5",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.1",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.3",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.9",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.8",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.1",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.4",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.6",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.3",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.9",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.12",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-14T09:17:11.543Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-309"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to upcoming  FortiCamera version 2.0.1 or above\nUpgrade to FortiNDR version 7.6.2 or above\nUpgrade to FortiNDR version 7.4.7 or above\nUpgrade to FortiMail version 7.6.2 or above\nUpgrade to FortiMail version 7.4.4 or above\nUpgrade to FortiRecorder version 7.2.2 or above\nUpgrade to FortiRecorder version 7.0.5 or above\nUpgrade to FortiFone version 3.0.24 or above\nUpgrade to FortiVoice version 7.2.0 or above\nUpgrade to FortiVoice version 7.0.5 or above\nUpgrade to FortiVoice version 6.4.10 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2024-40588",
        "datePublished": "2025-08-12T18:59:11.807Z",
        "dateReserved": "2024-07-05T11:55:50.010Z",
        "dateUpdated": "2026-01-14T09:17:11.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32756 (GCVE-0-2025-32756)

    Vulnerability from cvelistv5 – Published: 2025-05-13 14:46 – Updated: 2026-02-26 18:28
    VLAI CISA KEVIntel
    Summary
    A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Execute unauthorized code or commands
    Assigner
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.6.0
    Affected: 7.4.0 , ≤ 7.4.7 (semver)
    Affected: 7.2.0 , ≤ 7.2.4 (semver)
    Affected: 7.1.0 , ≤ 7.1.1 (semver)
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
        cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiCamera Affected: 2.1.0 , ≤ 2.1.3 (semver)
    Affected: 2.0.0
    Affected: 1.1.0 , ≤ 1.1.5 (semver)
        cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiRecorder Affected: 7.2.0 , ≤ 7.2.3 (semver)
    Affected: 7.0.0 , ≤ 7.0.5 (semver)
    Affected: 6.4.0 , ≤ 6.4.5 (semver)
        cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiVoice Affected: 7.2.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 6.4.0 , ≤ 6.4.10 (semver)
        cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiMail Affected: 7.6.0 , ≤ 7.6.2 (semver)
    Affected: 7.4.0 , ≤ 7.4.4 (semver)
    Affected: 7.2.0 , ≤ 7.2.7 (semver)
    Affected: 7.0.0 , ≤ 7.0.8 (semver)
        cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32756",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-15T04:01:18.017087Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-05-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:36.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32756"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-05-14T00:00:00.000Z",
                "value": "CVE-2025-32756 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortindr:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "lessThanOrEqual": "7.4.7",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.1.1",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:forticamera:2.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:2.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:forticamera:1.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiCamera",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.3",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortirecorder:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiRecorder",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.2.3",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.5",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiVoice",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.4.10",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.6.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "7.6.2",
                  "status": "affected",
                  "version": "7.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.4.4",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.2.7",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-15T12:54:22.845Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-254"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to FortiNDR version 7.6.1 or above\nUpgrade to FortiNDR version 7.4.8 or above\nUpgrade to FortiNDR version 7.2.5 or above\nUpgrade to FortiNDR version 7.0.7 or above\nUpgrade to FortiCamera version 2.1.4 or above\nUpgrade to FortiRecorder version 7.2.4 or above\nUpgrade to FortiRecorder version 7.0.6 or above\nUpgrade to FortiRecorder version 6.4.6 or above\nUpgrade to FortiVoice version 7.2.1 or above\nUpgrade to FortiVoice version 7.0.7 or above\nUpgrade to FortiVoice version 6.4.11 or above\nUpgrade to FortiMail version 7.6.3 or above\nUpgrade to FortiMail version 7.4.5 or above\nUpgrade to FortiMail version 7.2.8 or above\nUpgrade to FortiMail version 7.0.9 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2025-32756",
        "datePublished": "2025-05-13T14:46:44.208Z",
        "dateReserved": "2025-04-10T08:12:12.347Z",
        "dateUpdated": "2026-02-26T18:28:36.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33302 (GCVE-0-2023-33302)

    Vulnerability from cvelistv5 – Published: 2025-03-31 14:58 – Updated: 2025-03-31 15:30
    VLAI
    Summary
    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Execute unauthorized code or commands
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiNDR Affected: 7.2.0
    Affected: 7.1.0
    Affected: 7.0.0 , ≤ 7.0.6 (semver)
    Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
    Create a notification for this product.
    Fortinet FortiMail Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.0 , ≤ 6.2.6 (semver)
    Affected: 6.0.0 , ≤ 6.0.10 (semver)
    Affected: 5.4.0 , ≤ 5.4.12 (semver)
    Affected: 5.3.12 , ≤ 5.3.13 (semver)
    Affected: 5.3.0 , ≤ 5.3.10 (semver)
    Affected: 5.2.0 , ≤ 5.2.10 (semver)
    Affected: 5.1.0 , ≤ 5.1.7 (semver)
    Affected: 5.0.0 , ≤ 5.0.11 (semver)
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33302",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T15:28:51.596601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T15:30:12.990Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "lessThanOrEqual": "7.0.6",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.13:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.11:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:5.0.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.6",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.0.10",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.4.12",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.13",
                  "status": "affected",
                  "version": "5.3.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.3.10",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.2.10",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.1.7",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.0.11",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet  FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Execute unauthorized code or commands",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T14:58:11.960Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-023"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above\nPlease upgrade to FortiMail version 6.2.7 or above\nPlease upgrade to FortiMail version 6.0.11 or above\nPlease upgrade to FortiNDR version 7.2.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-33302",
        "datePublished": "2025-03-31T14:58:11.960Z",
        "dateReserved": "2023-05-22T07:58:22.197Z",
        "dateUpdated": "2025-03-31T15:30:12.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24008 (GCVE-0-2021-24008)

    Vulnerability from cvelistv5 – Published: 2025-03-28 10:13 – Updated: 2025-03-28 13:39
    VLAI
    Summary
    An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiDDoS Affected: 5.4.0
    Affected: 5.3.0 , ≤ 5.3.2 (semver)
    Affected: 5.2.0
    Affected: 5.1.0
    Affected: 5.0.0
    Affected: 4.7.0
    Affected: 4.6.0
    Affected: 4.5.0
    Affected: 4.4.0 , ≤ 4.4.2 (semver)
        cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*
        cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Fortinet FortiNDR Affected: 1.5.0 , ≤ 1.5.3 (semver)
    Affected: 1.4.0
    Affected: 1.3.0 , ≤ 1.3.1 (semver)
    Affected: 1.2.0
    Affected: 1.1.0
    Create a notification for this product.
    Fortinet FortiDDoS-CM Affected: 5.3.0
    Affected: 5.2.0
    Affected: 5.1.0
    Affected: 5.0.0
    Affected: 4.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-28T13:38:44.887350Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T13:39:11.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:o:fortinet:fortiddos:4.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiDDoS",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.4.0"
                },
                {
                  "lessThanOrEqual": "5.3.2",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.7.0"
                },
                {
                  "status": "affected",
                  "version": "4.6.0"
                },
                {
                  "status": "affected",
                  "version": "4.5.0"
                },
                {
                  "lessThanOrEqual": "4.4.2",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiNDR",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.4.0"
                },
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                }
              ]
            },
            {
              "cpes": [],
              "defaultStatus": "unaffected",
              "product": "FortiDDoS-CM",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.3.0"
                },
                {
                  "status": "affected",
                  "version": "5.2.0"
                },
                {
                  "status": "affected",
                  "version": "5.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-28T10:13:32.120Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105",
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-20-105"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail versions 6.0.10 or above.\n\r\nPlease upgrade to FortiMail versions 6.2.5 or above.\n\r\nPlease upgrade to FortiMail versions 6.4.2 or above."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-24008",
        "datePublished": "2025-03-28T10:13:32.120Z",
        "dateReserved": "2021-01-13T21:23:47.335Z",
        "dateUpdated": "2025-03-28T13:39:11.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26091 (GCVE-0-2021-26091)

    Vulnerability from cvelistv5 – Published: 2025-03-24 15:37 – Updated: 2025-03-31 18:11
    VLAI
    Summary
    A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-338 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 6.4.0 , ≤ 6.4.4 (semver)
    Affected: 6.2.0 , ≤ 6.2.9 (semver)
    Affected: 6.2.0 , < 6.2.* (semver)
        cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:fortinet:fortimail:6.2.*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T18:11:46.513539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T18:11:58.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:fortinet:fortimail:6.2.*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "lessThanOrEqual": "6.4.4",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.2.9",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.2.*",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-338",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-24T15:37:58.370Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-031",
              "url": "https://fortiguard.com/advisory/FG-IR-21-031"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.0.0 or above\nPlease upgrade to FortiMail version 6.4.5 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2021-26091",
        "datePublished": "2025-03-24T15:37:58.370Z",
        "dateReserved": "2021-01-25T14:47:15.092Z",
        "dateUpdated": "2025-03-31T18:11:58.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47539 (GCVE-0-2023-47539)

    Vulnerability from cvelistv5 – Published: 2025-03-18 13:56 – Updated: 2026-02-26 19:09
    VLAI
    Summary
    An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper access control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Fortinet FortiMail Affected: 7.4.0
        cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47539",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-19T03:55:50.452939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:24.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:fortinet:fortimail:7.4.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "FortiMail",
              "vendor": "Fortinet",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper access control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T13:56:56.681Z",
            "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            "shortName": "fortinet"
          },
          "references": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-23-439",
              "url": "https://fortiguard.com/psirt/FG-IR-23-439"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Please upgrade to FortiMail version 7.4.1 or above"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "assignerShortName": "fortinet",
        "cveId": "CVE-2023-47539",
        "datePublished": "2025-03-18T13:56:56.681Z",
        "dateReserved": "2023-11-06T10:35:25.828Z",
        "dateUpdated": "2026-02-26T19:09:24.249Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CERTFR-2025-ALE-006

    Vulnerability from certfr_alerte - Published: - Updated:

    Le 13 mai 2025, Fortinet a publié un avis de sécurité concernant la vulnérabilité CVE-2025-32756. Celle-ci permet à un attaquant non authentifié d'exécuter du code arbitraire à distance.

    L'éditeur indique que cette vulnérabilité est activement exploitée. Les exploitations constatées jusqu'ici concernent les produits FortiVoice.

    Fortinet fournit également des marqueurs de compromission à rechercher.

    Solutions

    Le CERT-FR recommande l'application des correctifs dans les plus brefs délais, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Si cela n'est pas possible, l'éditeur recommande de désactiver l'interface de gestion. Le CERT-FR rappelle que l'exposition d'une interface de gestion sur Internet est contraire aux bonnes pratiques.

    Impacted products
    Vendor Product Description
    Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.6
    Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.4
    Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.1
    Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.5
    Fortinet FortiCamera FortiCamera versions antérieures à 2.1.4
    Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.9
    Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
    Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.8
    Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.11
    Fortinet FortiNDR FortiNDR versions antérieures à 7.0.7
    Fortinet FortiNDR FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
    Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.6
    Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.8
    Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.7
    Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
          "product": {
            "name": "FortiCamera",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
          "product": {
            "name": "FortiNDR",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
          "product": {
            "name": "FortiRecorder",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
          "product": {
            "name": "FortiVoice",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        },
        {
          "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
          "product": {
            "name": "FortiMail",
            "vendor": {
              "name": "Fortinet",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "closed_at": "2025-06-24",
      "content": "## Solutions\n\nLe CERT-FR recommande l\u0027application des correctifs dans les plus brefs d\u00e9lais, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\n\n Si cela n\u0027est pas possible, l\u0027\u00e9diteur recommande de d\u00e9sactiver l\u0027interface de gestion. Le CERT-FR rappelle que l\u0027exposition d\u0027une interface de gestion sur Internet est contraire aux bonnes pratiques.",
      "cves": [
        {
          "name": "CVE-2025-32756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
        }
      ],
      "links": [
        {
          "title": "Avis CERT-FR CERTFR-2025-AVI-0399 du 13 mai 2025",
          "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0399/"
        }
      ],
      "reference": "CERTFR-2025-ALE-006",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-05-13T00:00:00.000000"
        },
        {
          "description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
          "revision_date": "2025-06-24T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "Le 13 mai 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-32756.  Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nL\u0027\u00e9diteur indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e. Les exploitations constat\u00e9es jusqu\u0027ici concernent les produits FortiVoice.\n\nFortinet fournit \u00e9galement des marqueurs de compromission \u00e0 rechercher.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Fortinet",
      "vendor_advisories": [
        {
          "published_at": "2025-05-13",
          "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
          "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
        }
      ]
    }