PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT issue with Fortinet, please see our PSIRT Policy. For the recommended upgrade path, see our Upgrade Path Tool Table.

Total: 303

PSIRT
Description
Affected Products
Updated Date
Component
Severity
FG-IR-24-473 Arbitrary file overwrite in FGFMd
CVE-2024-52964
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22]...
FortiManager 7.6.1, 7.6.0, 7.4.5, 7.4.4, 7.4.3 ... FortiManager Cloud 7.4.5, 7.4.4, 7.4.3, 7.4.2, 7.4.1 ...

Updated: Aug 13, 2025
Published: Aug 12, 2025
Component: OTHERS
Severity: Medium
FG-IR-23-209 Double free in automation-stitch
CVE-2023-45584
A double free vulnerability [CWE-415] in FortiOS, FortiProxy & FortiPAM administrative interfaces may...
FortiOS 7.4.0, 7.2.5, 7.2.4, 7.2.3, 7.2.2 ... FortiPAM 1.1.2, 1.1.1, 1.1.0, 1.0.3, 1.0.2 ... FortiProxy 7.4.1, 7.4.0, 7.2.7, 7.2.6, 7.2.5 ...
Published: Aug 12, 2025
Component: GUI
Severity: Medium
FG-IR-25-173 Incorrect Privilege Assignment in Security Fabric
CVE-2025-53744
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric may allow a remote...
FortiOS 7.6.2, 7.6.1, 7.6.0, 7.4.7, 7.4.6 ...
Published: Aug 12, 2025
Component: OTHERS
Severity: Medium
FG-IR-24-364 Integer Overflow on SSL-VPN bookmarks
CVE-2025-25248
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS, FortiPAM and FortiProxy SSL-VPN RDP...
FortiOS 7.6.2, 7.6.1, 7.6.0, 7.4.7, 7.4.6 ... FortiPAM 1.5.0, 1.4.2, 1.4.1, 1.4.0, 1.3.1 ... FortiProxy 7.6.2, 7.6.1, 7.6.0, 7.4.3, 7.4.2 ...
Published: Aug 12, 2025
Component: SSL-VPN
Severity: Medium
FG-IR-24-042 Weak authentication - FGFM protocol
CVE-2024-26009
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in FortiOS, FortiProxy...
FortiOS 6.4.15, 6.4.14, 6.4.13, 6.4.12, 6.4.11 ... FortiPAM 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.3 ... FortiProxy 7.4.2, 7.4.1, 7.4.0, 7.2.8, 7.2.7 ... FortiSwitchManager 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.3 ...
Published: Aug 12, 2025
Component: OTHERS
Severity: High
FG-IR-25-122 Pre-authentication Denial of Service attack in OpenSSH - CVE-2025-26466
CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a...
FortiADC 7.6.1 FortiADCManager 7.6.0 FortiAnalyzer 7.6.2, 7.6.1, 7.6.0, 7.4.6, 7.4.5 ... FortiAnalyzer-BigData 7.4.3, 7.4.2, 7.2.9, 7.2.8 FortiDDoS-F 7.0.4, 7.0.3, 7.0.2, 7.0.1 FortiManager 7.6.2, 7.6.1, 7.6.0, 7.4.6, 7.4.5 ... FortiNDR 7.6.1, 7.6.0, 7.4.8, 7.4.7, 7.4.6 ...

Updated: Jul 30, 2025
Published: Mar 11, 2025
Component: CLI
Severity: Medium
FG-IR-24-255 RADIUS Protocol CVE-2024-3596
CVE-2024-3596
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the...
FortiADC 7.6.0, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ... FortiAnalyzer 7.6.0, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ... FortiAuthenticator 6.6.2, 6.6.1, 6.6.0, 6.5.5, 6.5.4 ... FortiGuest 1.3.0, 1.2.1, 1.2.0, 1.1.0, 1.0.0 ... FortiManager 7.6.1, 7.6.0, 7.4.5, 7.4.4, 7.4.3 ... FortiOS 7.6.0, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ... FortiProxy 7.4.5, 7.4.4, 7.4.3, 7.4.2, 7.4.1 ... FortiSandbox 5.0.0, 4.4.6, 4.4.5, 4.4.4, 4.4.3 ... FortiSwitch 7.4.0, 7.2.5, 7.2.4, 7.2.3, 7.2.2 ... FortiWeb 7.6.0, 7.4.4, 7.4.3, 7.4.2, 7.4.1 ...

Updated: Jul 10, 2025
Published: Aug 13, 2024
Component: OTHERS
Severity: Medium
FG-IR-24-437 SQL injection in forward module
CVE-2025-24474
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability...
FortiAnalyzer 7.6.1, 7.6.0, 7.4.6, 7.4.5, 7.4.4 ... FortiAnalyzer Cloud 7.4.6, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ... FortiManager 7.6.1, 7.6.0, 7.4.6, 7.4.5, 7.4.4 ... FortiManager Cloud 7.4.6, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ...

Updated: Jul 09, 2025
Published: Jul 08, 2025
Component: GUI
Severity: Low
FG-IR-24-053 DNS type 65 resource record requests bypass DNS filter
CVE-2024-55599
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy...
FortiOS 7.6.0, 7.4.7, 7.4.6, 7.4.5, 7.4.4 ... FortiProxy 7.6.1, 7.6.0, 7.4.8, 7.4.7, 7.4.6 ... FortiSASE 24.4.a
Published: Jul 08, 2025
Component: OTHERS
Severity: Medium
FG-IR-25-026 Heap-based buffer overflow in cw_stad daemon
CVE-2025-24477
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS cw_stad daemon may allow an authenticated...
FortiOS 7.6.2, 7.6.1, 7.6.0, 7.4.7, 7.4.6 ...
Published: Jul 08, 2025
Component: OTHERS
Severity: Medium
FG-IR-24-511 PKI via API: Authentication granted with an invalid certificate
CVE-2024-52965
A missing critical step in authentication vulnerability [CWE-304] in FortiOS & FortiProxy may allow an...
FortiOS 7.6.1, 7.6.0, 7.4.5, 7.4.4, 7.4.3 ... FortiProxy 7.6.1, 7.6.0, 7.4.8, 7.4.7, 7.4.6 ...
Published: Jul 08, 2025
Component: GUI
Severity: Medium
FG-IR-24-035 Session still active for deleted admin
CVE-2024-27779
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox & FortiIsolator may allow a...
FortiIsolator 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0 ... FortiSandbox 4.4.4, 4.4.3, 4.4.2, 4.4.1, 4.4.0 ...
Published: Jul 08, 2025
Component: CLI
Severity: Medium
FG-IR-23-446 FortiOS - IP address validation mishandles zero characters
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiOS and FortiProxy...
FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.8 ... FortiProxy 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.14 ...

Updated: Jul 04, 2025
Published: Jul 09, 2024
Severity: Low
FG-IR-24-036 Buffer overflow in fgfmd
CVE-2024-26010
A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may...
FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.7 ... FortiPAM 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.3 ... FortiProxy 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.9 ... FortiSwitchManager 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.3 ...
Published: Jun 23, 2025
Severity: Medium
FG-IR-24-287 Firewall session injection in FGSP
CVE-2025-22251
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS...
FortiOS 7.6.0, 7.4.5, 7.4.4, 7.4.3, 7.4.2 ...
Published: Jun 10, 2025
Component: OTHERS
Severity: Low