Category: Fortinet PSIRT Advisories

CVSSv3 Score: 6.3 An Out-of-bounds Write vulnerability [CWE-787] in FortiADC may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. Revised on 2025-11-18...

CVSSv3 Score: 6.3 A buffer overflow vulnerability [CWE-120] in FortiExtender json_cli may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands. Revised on 2025-11-18...

CVSSv3 Score: 6.9 A stack-based overflow vulnerability [CWE-124] in FortiOS CAPWAP daemon may allow a remote unauthenticated attacker on an adjacent network to achieve arbitrary code execution via sending specially crafted...

CVSSv3 Score: 7.7 An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiVoice may allow an authenticated attacker to execute unauthorized code or...

CVSSv3 Score: 1.8 An Improper Privilege Management vulnerability [CWE-269] in FortiOS, FortiProxy and FortiPAM may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command. Revised on...

CVSSv3 Score: 6.9 A stack-based overflow vulnerability [CWE-124] in FortiOS and FortiSwitchManager CAPWAP daemon may allow a remote authenticated attacker to execute arbitrary code or command as a low privileged user via...

CVSSv3 Score: 4.8 A use of hard-coded credentials vulnerability [CWE-798] in the internal redis services in FortiWeb may allow an authenticated attacker with shell access to the device to connect to any running redis service and...

CVSSv3 Score: 9.1 A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.Fortinet has observed this...

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the...

A stack-based buffer overflow vulnerability [CWE-121] in FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via certain CLI commands. Revised on 2025-10-14 00:00:00

A Weak authentication vulnerability [CWE 1390] in FortiPAM and FortiSwitch Manager WAD/GUI may allow an attacker to bypass the authentication process via a brute-force attack. Revised on 2025-10-14 00:00:00

A concurrent execution using shared resource with improper synchronization (‘Race Condition’) vulnerability [CWE-362] in FortiAnalyzer may allow an attacker to attempt to win a race condition to bypass the FortiCloud...