Vulnerability-Lookup

CERTFR-2026-AVI-0035

Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.0.x
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiClient	FortiClientEMS toutes versions 7.0.x
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.17
Fortinet	FortiFone	FortiFone versions 3.0.x antérieures à 3.0.24
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.4.x
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 5.0.5
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.9
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.8
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSASE	FortiSASE versions 25.x antérieures à 25.2.c
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.9
Fortinet	FortiClient	FortiClientEMS versions 7.2.x antérieures à 7.2.12
Fortinet	FortiFone	FortiFone versions 7.0.x antérieures à 7.0.2
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.18
Fortinet	FortiSIEM	FortiSIEM versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.7.x
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.5
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSandbox	FortiSandbox toutes versions 4.2.x
Fortinet	FortiSIEM	FortiSIEM toutes versions 7.0.x

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-783	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-778	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-084	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-260	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-735	2026-01-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-772	2026-01-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.0.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0  7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0  6.4.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiFone versions 3.0.x ant\u00e9rieures \u00e0 3.0.24",
      "product": {
        "name": "FortiFone",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.4.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 5.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.9",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions 25.x ant\u00e9rieures \u00e0 25.2.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiFone versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiFone",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0  7.0.18",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.7.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox toutes versions 4.2.x",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 7.0.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58693"
    },
    {
      "name": "CVE-2025-47855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47855"
    },
    {
      "name": "CVE-2025-59922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59922"
    },
    {
      "name": "CVE-2025-25249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25249"
    },
    {
      "name": "CVE-2025-67685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67685"
    },
    {
      "name": "CVE-2025-64155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64155"
    }
  ],
  "initial_release_date": "2026-01-14T00:00:00",
  "last_revision_date": "2026-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0035",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-783",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-783"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-778",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-778"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-084",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-084"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-260"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-735",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-735"
    },
    {
      "published_at": "2026-01-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-772",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-772"
    }
  ]
}

CVE-2025-64155 (GCVE-0-2025-64155)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:16

Summary

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

Severity ?

9.4 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-772

Impacted products

	Vendor	Product	Version
	Fortinet	FortiSIEM	Affected: 7.4.0 Affected: 7.3.0 , ≤ 7.3.4 (semver) Affected: 7.2.6 Affected: 7.1.8 Affected: 7.0.4 Affected: 6.7.10 cpe:2.3:a:fortinet:fortisiem:7.4.0:::::::* cpe:2.3:a:fortinet:fortisiem:7.3.4:::::::* cpe:2.3:a:fortinet:fortisiem:7.3.3:::::::* cpe:2.3:a:fortinet:fortisiem:7.3.2:::::::* cpe:2.3:a:fortinet:fortisiem:7.3.1:::::::* cpe:2.3:a:fortinet:fortisiem:7.3.0:::::::* cpe:2.3:a:fortinet:fortisiem:7.2.6:::::::* cpe:2.3:a:fortinet:fortisiem:7.1.8:::::::* cpe:2.3:a:fortinet:fortisiem:7.0.4:::::::* cpe:2.3:a:fortinet:fortisiem:6.7.10:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64155",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T04:57:27.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/horizon3ai/CVE-2025-64155"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisiem:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.3.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.1.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisiem:6.7.10:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSIEM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.3.4",
              "status": "affected",
              "version": "7.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.1.8"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "6.7.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via  crafted TCP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:05.278Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-772"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSIEM version 7.5.0 or above\nUpgrade to FortiSIEM version 7.4.1 or above\nUpgrade to FortiSIEM version 7.3.5 or above\nUpgrade to FortiSIEM version 7.2.7 or above\nUpgrade to FortiSIEM version 7.1.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-64155",
    "datePublished": "2026-01-13T16:32:28.665Z",
    "dateReserved": "2025-10-28T12:26:50.750Z",
    "dateUpdated": "2026-01-14T09:16:05.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59922 (GCVE-0-2025-59922)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:16

Summary

An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

CWE-89 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-735

Impacted products

	Vendor	Product	Version
	Fortinet	FortiClientEMS	Affected: 7.4.3 , ≤ 7.4.4 (semver) Affected: 7.4.0 , ≤ 7.4.1 (semver) Affected: 7.2.0 , ≤ 7.2.10 (semver) Affected: 7.0.0 , ≤ 7.0.13 (semver) cpe:2.3:a:fortinet:forticlientems:7.4.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.4.0:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.10:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.9:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.8:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.7:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.6:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.5:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.2:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.2.0:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.13:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.12:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.11:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.10:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.9:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.8:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.7:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.6:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.5:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.4:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.3:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.2:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.1:::::::* cpe:2.3:a:fortinet:forticlientems:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:39:37.452586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:39:42.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:forticlientems:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:forticlientems:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiClientEMS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:14.334Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-735",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-735"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiClientEMS version 7.4.5 or above\nUpgrade to FortiClientEMS version 7.2.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-59922",
    "datePublished": "2026-01-13T16:32:28.715Z",
    "dateReserved": "2025-09-23T12:51:54.672Z",
    "dateUpdated": "2026-01-14T09:16:14.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58693 (GCVE-0-2025-58693)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:16

Summary

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-22 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-778

Impacted products

	Vendor	Product	Version
	Fortinet	FortiVoice	Affected: 7.2.0 , ≤ 7.2.2 (semver) Affected: 7.0.0 , ≤ 7.0.7 (semver) cpe:2.3:a:fortinet:fortivoice:7.2.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.2.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.2.0:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.7:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.6:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.5:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.4:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.3:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.2:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.1:::::::* cpe:2.3:a:fortinet:fortivoice:7.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58693",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:40:06.891342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:40:13.485Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortivoice:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiVoice",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:23.320Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-778",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-778"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiVoice version 7.2.3 or above\nUpgrade to FortiVoice version 7.0.8 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-58693",
    "datePublished": "2026-01-13T16:32:29.011Z",
    "dateReserved": "2025-09-03T11:48:42.097Z",
    "dateUpdated": "2026-01-14T09:16:23.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-25249 (GCVE-0-2025-25249)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:16

Summary

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

CWE

CWE-122 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-084

Impacted products

Vendor

Product

Version

Fortinet

FortiSwitchManager

Affected: 7.2.2 , ≤ 7.2.5 (semver)
    cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*

	Fortinet	FortiSASE	Affected: 25.1.a.2 cpe:2.3:a:fortinet:fortisase:25.1.a.2:::::::*
	Fortinet	FortiOS	Affected: 7.6.0 , ≤ 7.6.2 (semver) Affected: 7.4.0 , ≤ 7.4.7 (semver) Affected: 7.2.4 , ≤ 7.2.11 (semver) cpe:2.3:o:fortinet:fortios:7.6.2:::::::* cpe:2.3:o:fortinet:fortios:7.6.1:::::::* cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.7:::::::* cpe:2.3:o:fortinet:fortios:7.4.6:::::::* cpe:2.3:o:fortinet:fortios:7.4.5:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.11:::::::* cpe:2.3:o:fortinet:fortios:7.2.10:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-25249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-14T04:57:24.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisase:25.1.a.2:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSASE",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "25.1.a.2"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.2",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.7",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE 25.2.b, FortiSASE 25.1.a.2, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:21.077Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-084",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-084"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSwitchManager version 7.2.7 or above\nUpgrade to FortiSwitchManager version 7.0.6 or above\nFortinet remediated this issue in FortiSASE version 25.2.c and hence customers do not need to perform any action.\nFortinet remediated this issue in FortiSASE version 25.1.b and hence customers do not need to perform any action.\nUpgrade to upcoming  FortiOS version 8.0.0 or above\nUpgrade to FortiOS version 7.6.4 or above\nUpgrade to FortiOS version 7.4.9 or above\nUpgrade to FortiOS version 7.2.12 or above\nUpgrade to FortiOS version 7.0.18 or above\nUpgrade to upcoming  FortiOS version 6.4.17 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-25249",
    "datePublished": "2026-01-13T16:32:35.662Z",
    "dateReserved": "2025-02-05T13:31:18.866Z",
    "dateUpdated": "2026-01-14T09:16:21.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-67685 (GCVE-0-2025-67685)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:19

Summary

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.

Severity ?

3.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CWE

CWE-918 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-783

Impacted products

	Vendor	Product	Version
	Fortinet	FortiSandbox	Affected: 5.0.0 , ≤ 5.0.4 (semver) Affected: 4.4.0 , ≤ 4.4.8 (semver) Affected: 4.2.1 , ≤ 4.2.8 (semver) Affected: 4.0.0 , ≤ 4.0.6 (semver) cpe:2.3:a:fortinet:fortisandbox:5.0.4:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.3:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.2:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.1:::::::* cpe:2.3:a:fortinet:fortisandbox:5.0.0:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.8:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.7:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.6:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.5:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.4:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.3:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.2:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.1:::::::* cpe:2.3:a:fortinet:fortisandbox:4.4.0:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.8:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.7:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.6:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.5:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.4:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.3:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.2:::::::* cpe:2.3:a:fortinet:fortisandbox:4.2.1:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.6:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.5:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.4:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.3:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.2:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.1:::::::* cpe:2.3:a:fortinet:fortisandbox:4.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-67685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:40:40.225433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:40:45.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisandbox:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "5.0.4",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.8",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.8",
              "status": "affected",
              "version": "4.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:19:01.948Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-783",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-783"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSandbox version 5.0.5 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-67685",
    "datePublished": "2026-01-13T16:32:29.301Z",
    "dateReserved": "2025-12-10T10:45:43.496Z",
    "dateUpdated": "2026-01-14T09:19:01.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-47855 (GCVE-0-2025-47855)

Vulnerability from cvelistv5 – Published: 2026-01-13 16:32 – Updated: 2026-01-14 09:16

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.

Severity ?

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C

CWE

CWE-200 - Improper access control

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-260

Impacted products

	Vendor	Product	Version
	Fortinet	FortiFone	Affected: 7.0.0 , ≤ 7.0.1 (semver) Affected: 3.0.13 , ≤ 3.0.23 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47855",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T21:40:59.597483Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T21:41:05.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiFone",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.23",
              "status": "affected",
              "version": "3.0.13",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T09:16:17.029Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-260",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-260"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiFone version 7.2.0 or above\nUpgrade to FortiFone version 7.0.2 or above\nUpgrade to FortiFone version 3.0.24 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-47855",
    "datePublished": "2026-01-13T16:32:29.539Z",
    "dateReserved": "2025-05-12T13:58:15.235Z",
    "dateUpdated": "2026-01-14T09:16:17.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2026-AVI-0035

Solutions

CVE-2025-64155 (GCVE-0-2025-64155)

CVE-2025-59922 (GCVE-0-2025-59922)

CVE-2025-58693 (GCVE-0-2025-58693)

CVE-2025-25249 (GCVE-0-2025-25249)

CVE-2025-67685 (GCVE-0-2025-67685)

CVE-2025-47855 (GCVE-0-2025-47855)

Tags

Sightings

Nomenclature