Vulnerability-Lookup

CVE-2025-54659 (GCVE-0-2025-54659)

Vulnerability from cvelistv5 – Published: 2026-03-10 16:44 – Updated: 2026-03-10 17:41

Summary

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:R

CWE

CWE-22 - Information disclosure

Assigner

fortinet

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-26-084

Impacted products

	Vendor	Product	Version
	Fortinet	FortiSOAR Agent Communication Bridge	Affected: 1.1.0 Affected: 1.0.0 , ≤ 1.0.2 (semver) cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.1.0:::::::* cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.2:::::::* cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.1:::::::* cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T17:30:39.455177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T17:41:32.111Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiSOAR Agent Communication Bridge",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "lessThanOrEqual": "1.0.2",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T16:44:20.644Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-26-084",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-084"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiSOAR Agent Communication Bridge version 1.1.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54659",
    "datePublished": "2026-03-10T16:44:20.644Z",
    "dateReserved": "2025-07-28T09:23:38.063Z",
    "dateUpdated": "2026-03-10T17:41:32.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54659\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2026-03-10T18:17:58.200\",\"lastModified\":\"2026-03-11T13:53:47.157\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-26-084\",\"source\":\"psirt@fortinet.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54659\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-10T17:30:39.455177Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-10T17:34:22.767Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:R\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:fortinet:fortisoaragentcommunicationbridge:1.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiSOAR Agent Communication Bridge\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}, {\"status\": \"affected\", \"version\": \"1.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.0.2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to FortiSOAR Agent Communication Bridge version 1.1.1 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-26-084\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-26-084\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2026-03-10T16:44:20.644Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54659\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T17:41:32.111Z\", \"dateReserved\": \"2025-07-28T09:23:38.063Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2026-03-10T16:44:20.644Z\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-54659

Vulnerability from fkie_nvd - Published: 2026-03-10 18:17 - Updated: 2026-03-11 13:53

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.fortinet.com/psirt/FG-IR-26-084

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port."
    },
    {
      "lang": "es",
      "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\u0027Salto de ruta\u0027) vulnerabilidad [CWE-22] vulnerabilidad en Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 todas las versiones puede permitir a un atacante no autenticado leer archivos accesibles para el usuario fortisoar en un sistema donde el agente est\u00e1 desplegado, mediante el env\u00edo de una solicitud manipulada al puerto del agente."
    }
  ],
  "id": "CVE-2025-54659",
  "lastModified": "2026-03-11T13:53:47.157",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-10T18:17:58.200",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-084"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Primary"
    }
  ]
}

GHSA-PFVW-QGRV-HGV6

Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31

Details

Severity ?

5.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-54659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-10T18:17:58Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.",
  "id": "GHSA-pfvw-qgrv-hgv6",
  "modified": "2026-03-10T18:31:18Z",
  "published": "2026-03-10T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54659"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2026-AVI-0265

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

Concernant la vulnérabilité CVE-2025-66178, l'éditeur fournit certaines recommandations dans l'attente de la version correctrice.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientLinux versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.6.x antérieures à 7.6.1
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.13
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.6.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiDeceptor	FortiDeceptor toutes versions antérieures à 6.2.1
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.6.5
Fortinet	FortiSOAR	FortiSOAR Agent Communication Bridge versions antérieures à 1.1.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.7
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSIEM	FortiSIEM versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.5
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.4
Fortinet	FortiRecorder	FortiRecorder toutes versions antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiSwitch	FortiSwitchAXFixed versions 1.0.x antérieures à 1.0.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.6.5
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-26-078	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-096	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-098	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-080	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-088	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-094	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-092	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-090	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-081	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-095	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-093	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-083	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-087	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-079	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-086	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-077	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-082	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-097	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-085	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-091	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-089	2026-03-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-26-084	2026-03-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientLinux versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor toutes versions ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR Agent Communication Bridge versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder toutes versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchAXFixed versions 1.0.x ant\u00e9rieures \u00e0 1.0.2",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-30897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-30897"
    },
    {
      "name": "CVE-2025-53608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53608"
    },
    {
      "name": "CVE-2026-24017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24017"
    },
    {
      "name": "CVE-2025-68648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68648"
    },
    {
      "name": "CVE-2026-24640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24640"
    },
    {
      "name": "CVE-2026-22572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22572"
    },
    {
      "name": "CVE-2025-48418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48418"
    },
    {
      "name": "CVE-2025-48840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48840"
    },
    {
      "name": "CVE-2026-24641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24641"
    },
    {
      "name": "CVE-2026-22627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22627"
    },
    {
      "name": "CVE-2025-55717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55717"
    },
    {
      "name": "CVE-2026-24018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24018"
    },
    {
      "name": "CVE-2025-54820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54820"
    },
    {
      "name": "CVE-2025-49784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49784"
    },
    {
      "name": "CVE-2026-22629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22629"
    },
    {
      "name": "CVE-2025-66178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66178"
    },
    {
      "name": "CVE-2026-25689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25689"
    },
    {
      "name": "CVE-2026-25972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25972"
    },
    {
      "name": "CVE-2025-54659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54659"
    },
    {
      "name": "CVE-2025-68482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68482"
    },
    {
      "name": "CVE-2026-22628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22628"
    },
    {
      "name": "CVE-2026-25836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25836"
    }
  ],
  "initial_release_date": "2026-03-11T00:00:00",
  "last_revision_date": "2026-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nConcernant la vuln\u00e9rabilit\u00e9 CVE-2025-66178, l\u0027\u00e9diteur fournit certaines recommandations dans l\u0027attente de la version correctrice.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-078"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-096",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-096"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-098",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-098"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-080",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-080"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-088"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-094"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-092",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-092"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-090",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-090"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-081",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-081"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-095",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-095"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-093",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-093"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-083",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-083"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-087",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-087"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-079",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-079"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-086"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-077",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-077"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-082",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-082"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-097"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-085",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-085"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-091"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-089",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-089"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-084",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-084"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54659 (GCVE-0-2025-54659)

FKIE_CVE-2025-54659

GHSA-PFVW-QGRV-HGV6

CERTFR-2026-AVI-0265

Solutions

Tags

Sightings

Nomenclature