Author: Cyberthreat Blog

CVSSv3 Score: 5.0 An Improper Isolation or Compartmentalization vulnerability [CWE-653] in FortiSandbox may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file. Revised on 2025-11-18...

CVSSv3 Score: 5.2 An insufficiently protected credentials vulnerability [CWE-522] in FortiExtender may allow an authenticated user to obtain administrator credentials via debug log commands. Revised on 2025-11-18...

CVSSv3 Score: 3.9 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiADC Logs may allow an admin with read-only permission to get the external resources password via the logs of the...

CVSSv3 Score: 4.9 An active debug code vulnerability [CWE-489] in FortiClientWindows may allow a local attacker to run the application step by step and retrieve the saved VPN user password Revised on 2025-11-18...

CVSSv3 Score: 6.3 An Out-of-bounds Write vulnerability [CWE-787] in FortiADC may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. Revised on 2025-11-18...