fortinet
1,125 tracked vulnerabilities.
CVE-2025-53681
HIGH
Fortinet FortiMail - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
May 12, 2026
CVSS 7.2
EPSS 0.00
CVE-2025-53680
MEDIUM
Fortinet FortiAP - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
May 12, 2026
CVSS 6.7
EPSS 0.01
CVE-2025-68649
MEDIUM
Fortinet FortiManager and FortiAnalyzer <= 7.6.4, <= 7.4.7, 7.2 all, 7.0 all - Path Traversal via CLI Requests
Apr 14, 2026
CVSS 6.0
EPSS 0.00
CVE-2025-61886
MEDIUM
FortiSandbox 5.0.0-5.0.4 and FortiSandbox PaaS 5.0.0-5.0.4 - Cross-Site Scripting via Crafted HTTP Requests
Apr 14, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-61848
HIGH
FortiManager and FortiAnalyzer - Authenticated SQL Injection via JSON RPC API
Apr 14, 2026
CVSS 7.2
EPSS 0.01
CVE-2025-61624
MEDIUM
Fortinet FortiOS/FortiProxy/FortiSwitchManager/FortiPAM - Authenticated Path Traversal & Arbitrary File Write via CLI
Apr 14, 2026
CVSS 6.0
EPSS 0.00
CVE-2025-59809
MEDIUM
FortiSOAR 7.3.0-7.6.4 - Authenticated Server-Side Request Forgery
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-53847
MEDIUM
Fortinet FortiOS <7.6.3 - Auth Bypass
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-68648
HIGH
Fortinet FortiAnalyzer/FortiManager - Memory Corruption
Mar 10, 2026
CVSS 7.2
EPSS 0.01
CVE-2025-68482
MEDIUM
Fortinet FortiAnalyzer/FortiManager - Info Disclosure
Mar 10, 2026
CVSS 6.9
EPSS 0.00
CVE-2025-66178
HIGH
Fortinet FortiWeb - Command Injection
Mar 10, 2026
CVSS 7.2
EPSS 0.02
CVE-2025-55717
MEDIUM
Fortinet FortiMail/FortiRecorder/FortiVoice - Info Disclosure
Mar 10, 2026
CVSS 4.0
EPSS 0.00
CVE-2025-54820
HIGH
Fortinet FortiManager - Buffer Overflow
Mar 10, 2026
CVSS 8.1
EPSS 0.01
CVE-2025-54659
MEDIUM
FortiSOAR Agent Communication Bridge 1.1.0/1.0 - Path Traversal
Mar 10, 2026
CVSS 5.8
EPSS 0.00
CVE-2025-53608
MEDIUM
FortiSandbox 4.0.0-4.4.7, 5.0.0-5.0.2 - Authenticated Cross-Site Scripting
Mar 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2025-49784
MEDIUM
Fortinet FortiAnalyzer - SQL Injection
Mar 10, 2026
CVSS 6.0
EPSS 0.00
CVE-2025-48840
MEDIUM
Fortinet FortiWeb 7.0-7.6.3 - Auth Bypass
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-48418
MEDIUM
Fortinet FortiAnalyzer/FortiManager - Auth Bypass
Mar 10, 2026
CVSS 6.7
EPSS 0.01
CVE-2025-68686
MEDIUM
Fortinet FortiOS <7.6.1 - Info Disclosure
Feb 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-64157
MEDIUM
FortiOS 7.0-7.6.4 - Authenticated Use of Externally-Controlled Format String via Configuration
Feb 10, 2026
CVSS 6.7
EPSS 0.01
CVE-2025-62676
HIGH
FortiClientWindows 7.0-7.4.4 - Arbitrary File Write via Crafted Named Pipe Messages
Feb 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-62439
MEDIUM
Fortinet FortiOS <7.6.4 - Info Disclosure
Feb 10, 2026
CVSS 4.2
EPSS 0.00
CVE-2025-55018
MEDIUM
Fortinet FortiOS 7.6.0, 7.4.0-7.4.9, 7.2.0-7.2.12, 7.0.0-7.0.18, 6.4.3-6.4.15 - HTTP Request Smuggling
Feb 10, 2026
CVSS 5.8
EPSS 0.00
CVE-2025-52436
HIGH
FortiSandbox 4.0.0-4.4.7, 5.0.0-5.0.1 - Unauthenticated Cross-Site Scripting
Feb 10, 2026
CVSS 8.8
EPSS 0.06
CVE-2025-67685
LOW
FortiSandbox 4.0.0-4.4.0, 5.0.0-5.0.4 - Authenticated Server-Side Request Forgery via Crafted HTTP Requests
Jan 13, 2026
CVSS 3.8
EPSS 0.00
Products
fortios 268
fortiweb 124
fortiproxy 118
fortimanager 112
fortianalyzer 92
forticlient 85
fortisandbox 59
fortimail 46
fortiportal 45
fortiadc 43
FortiOS 40
fortisoar 31
fortinac 30
fortisiem 29
fortimanager_cloud 27
fortipam 25
fortivoice 24
FortiProxy 23
fortiauthenticator 23
fortiwlm 23
fortiswitchmanager 19
fortinet_antivirus 18
fortianalyzer_cloud 17
fortitester 16
fortiwan 16
fortimanager_firmware 15
fortiswitch 14
fortiwlc 14
fortianalyzer_big_data 13
forticlientems 13
Quick Filters