fortinet
1,122 tracked vulnerabilities.
CVE-2025-49201
HIGH
Fortinet FortiPAM 1.0.0-1.4.2 and FortiSwitchManager 7.2.0-7.2.4 - Weak Authentication
Oct 14, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-47890
LOW
Fortinet FortiOS 6.4.0-7.6.3, FortiProxy 7.0.0-7.6.3, FortiSASE 25.2.a - Open Redirect via Crafted HTTP Requests
Oct 14, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-46774
HIGH
FortiClient MacOS <7.4.2, <7.2.9, All - Privilege Escalation
Oct 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-31514
LOW
FortiOS 6.4.0-7.6.3 and FortiProxy 7.0.0-7.6.3 - Sensitive Information Disclosure in Log Files
Oct 14, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-31366
MEDIUM
Fortinet FortiOS 6.4.0-7.6.3, FortiProxy 7.0.0-7.6.3, FortiSASE 25.2.a - Unauthenticated XSS via Crafted HTTP Requests
Oct 14, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-31365
MEDIUM
FortiClientMac 7.2.1-7.2.8, 7.4.0-7.4.3 - Unauthenticated Remote Code Execution via Malicious Website
Oct 14, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-25255
MEDIUM
Fortinet FortiOS <7.6.3 - Auth Bypass
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-25253
HIGH
FortiProxy <7.6.1 - Improper Certificate Validation
Oct 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25252
MEDIUM
FortiOS SSL VPN <7.6.2, 7.4.6, 7.2.10, 7.0.16, 6.4 - Info Disclosure
Oct 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-22258
MEDIUM
Fortinet <7.6.2 - Privilege Escalation
Oct 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-47856
HIGH
FortiVoice 7.2.0, 7.0.0-7.0.6, <6.4.10 - Authenticated OS Command Injection via HTTP/HTTPS or CLI Requests
Oct 14, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-22862
MEDIUM
FortiOS 7.0.6-7.4.7 and FortiProxy 7.0.5-7.6.2 - Authenticated Privilege Escalation via Automation Stitch Webhook Action
Oct 02, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-53609
MEDIUM
FortiWeb <7.6.4-7.2.11-7.0.11 - Path Traversal
Sep 09, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-53744
HIGH
FortiOS Security Fabric <7.6.3 - Privilege Escalation
Aug 12, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-52970
HIGH
NUCLEI
Fortinet FortiWeb <7.6.3 - Privilege Escalation
Aug 12, 2025
CVSS 8.1
EPSS 0.20
CVE-2025-49813
HIGH
FortiADC 7.2.0 and < 7.1.1 - Authenticated OS Command Injection via HTTP Parameters
Aug 12, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-47857
MEDIUM
FortiWeb 7.4.1-7.4.7 and 7.6.0-7.6.3 - Authenticated OS Command Injection via CLI
Aug 12, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-32932
MEDIUM
FortiSOAR < 7.5.2 - Authenticated Stored Cross-Site Scripting via Service Requests
Aug 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32766
MEDIUM
FortiWeb 7.4.1-7.4.7 and 7.6.0-7.6.3 - Authenticated Stack-based Buffer Overflow via CLI Commands
Aug 12, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-27759
MEDIUM
FortiWeb 7.0.0-7.0.9, 7.2.0-7.2.10, 7.4.0-7.4.7, 7.6.0-7.6.3 - Authenticated OS Command Injection via CLI Commands
Aug 12, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-25256
CRITICAL
NUCLEI
Fortinet FortiSIEM - OS Command Injection
Aug 12, 2025
CVSS 9.8
EPSS 0.40
CVE-2025-25248
MEDIUM
FortiOS, FortiProxy, FortiPAM - Authenticated Denial of Service via SSL-VPN RDP and VNC Bookmarks
Aug 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-25257
CRITICAL
KEV
NUCLEI
Fortinet FortiWeb - SQL Injection
Jul 17, 2025
CVSS 9.8
EPSS 0.26
CVE-2025-24477
MEDIUM
FortiOS 7.2.4-7.2.12, 7.4.0-7.4.7, 7.6.0-7.6.2 - Heap-based Buffer Overflow via CLI Command
Jul 15, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-24474
LOW
FortiAnalyzer and FortiManager 6.4-7.6.1 - Authenticated SQL Injection
Jul 08, 2025
CVSS 2.7
EPSS 0.00
Products
fortios 267
fortiweb 124
fortiproxy 117
fortimanager 112
fortianalyzer 92
forticlient 85
fortisandbox 58
fortimail 46
fortiportal 44
fortiadc 43
fortisoar 31
fortinac 30
fortisiem 29
fortimanager_cloud 27
fortipam 25
fortivoice 24
fortiauthenticator 23
fortiwlm 23
fortiswitchmanager 19
fortinet_antivirus 18
fortianalyzer_cloud 17
fortitester 16
fortiwan 16
fortimanager_firmware 15
fortiswitch 14
fortiwlc 14
FortiOS 13
fortianalyzer_big_data 13
forticlientems 13
fortianalyzer_firmware 12