fortinet
1,125 tracked vulnerabilities.
CVE-2025-64155
CRITICAL
FortiSIEM 6.7.0-6.7.10, 7.0.0-7.0.4, 7.1.0-7.1.8, 7.3.0-7.3.4, 7.4.0 - OS Command Injection via TCP Requests
Jan 13, 2026
CVSS 9.8
EPSS 0.43
CVE-2025-59922
HIGH
Fortinet FortiClientEMS 7.0.0-7.2.10, 7.4.0-7.4.4 - Authenticated SQL Injection via HTTP Requests
Jan 13, 2026
CVSS 7.2
EPSS 0.07
CVE-2025-58693
MEDIUM
Fortinet FortiVoice <7.2.2 - Path Traversal
Jan 13, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-47855
CRITICAL
Fortinet FortiFone <7.0.2 - Info Disclosure
Jan 13, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-25249
HIGH
Fortinet FortiOS <7.6.3 - Buffer Overflow
Jan 13, 2026
CVSS 8.1
EPSS 0.01
CVE-2025-64471
MEDIUM
Fortinet FortiWeb <8.0.1 - Use After Free
Dec 09, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-64447
HIGH
FortiWeb 7.0.0-7.0.11, 7.2.0-7.2.11, 7.4.0-7.4.10, 7.6.0-7.6.5, 8.0.0-8.0.1 - Arbitrary Operations via Forged Cookies
Dec 09, 2025
CVSS 8.1
EPSS 0.07
CVE-2025-64156
HIGH
FortiVoice 6.0.0-6.0.11, 6.4.0-6.4.x, 7.0.0-7.0.7, 7.2.0-7.2.2 - Authenticated SQL Injection
Dec 09, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-64153
HIGH
FortiExtender Firmware 7.0.0-7.0.3, 7.2.0-7.2.x, 7.4.0-7.4.7, 7.6.0-7.6.3 - OS Command Injection
Dec 09, 2025
CVSS 7.2
EPSS 0.02
CVE-2025-62631
MEDIUM
FortiOS 6.4.0-6.4.15, 7.0.0-7.0.18, 7.2.0-7.2.12, 7.4.0 - Insufficient Session Expiration via SSLVPN
Dec 09, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-60024
HIGH
FortiVoice 7.0.0-7.0.7 - Authenticated Path Traversal and Arbitrary File Write via HTTP/HTTPS Commands
Dec 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-59923
LOW
Fortinet FortiAuthenticator 6.3.0-6.6.6 - Authenticated Credential Disclosure via Crafted Requests
Dec 09, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-59810
MEDIUM
FortiSOAR 7.3.0-7.5.1, 7.6.0-7.6.2 - Authenticated Information Disclosure via Crafted Requests
Dec 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59808
MEDIUM
Fortinet FortiSOAR <7.6.2 - Info Disclosure
Dec 09, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-59719
CRITICAL
FortiWeb 7.4.0-7.4.9, 7.6.0-7.6.4, 8.0.0 - Unauthenticated SAML Authentication Bypass via Crafted SAML Response
Dec 09, 2025
CVSS 9.8
EPSS 0.24
CVE-2025-59718
CRITICAL
KEV
Fortinet FortiOS/FortiProxy/FortiSwitchManager SAML Signature Verification Bypass
Dec 09, 2025
CVSS 9.8
EPSS 0.66
CVE-2025-57823
LOW
Fortinet FortiAuthenticator <6.6.7 - Info Disclosure
Dec 09, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-54838
MEDIUM
FortiPortal 7.4.0-7.4.5 - Authenticated Incorrect Authorization via Crafted HTTP Requests
Dec 09, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-54353
MEDIUM
FortiSandbox 4.0.0-4.0.5, 4.2.0-4.2.x, 4.4.0-4.4.7, 5.0.0-5.0.2 - Cross-Site Scripting via Crafted HTTP Requests
Dec 09, 2025
CVSS 5.4
EPSS 0.06
CVE-2025-53949
HIGH
Fortinet FortiSandbox <5.0.2 - Command Injection
Dec 09, 2025
CVSS 7.2
EPSS 0.16
CVE-2025-53679
HIGH
Fortinet FortiSandbox <5.0.2 - Command Injection
Dec 09, 2025
CVSS 7.2
EPSS 0.11
CVE-2025-58412
MEDIUM
Fortinet FortiADC 7.2.0-7.6.3, 8.0.0 - Cross-Site Scripting via Crafted URL
Nov 19, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-61713
MEDIUM
Fortinet FortiPAM <1.6.0 - Info Disclosure
Nov 18, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-59669
MEDIUM
FortiWeb 7.0.0-7.6.0 - Authenticated Use of Hard-coded Credentials in Redis Service
Nov 18, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58692
HIGH
Fortinet FortiVoice <7.2.2 - SQL Injection
Nov 18, 2025
CVSS 8.8
EPSS 0.00
Products
fortios 268
fortiweb 124
fortiproxy 118
fortimanager 112
fortianalyzer 92
forticlient 85
fortisandbox 59
fortimail 46
fortiportal 45
fortiadc 43
FortiOS 40
fortisoar 31
fortinac 30
fortisiem 29
fortimanager_cloud 27
fortipam 25
fortivoice 24
FortiProxy 23
fortiauthenticator 23
fortiwlm 23
fortiswitchmanager 19
fortinet_antivirus 18
fortianalyzer_cloud 17
fortitester 16
fortiwan 16
fortimanager_firmware 15
fortiswitch 14
fortiwlc 14
fortianalyzer_big_data 13
forticlientems 13
Quick Filters