Fortinet Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege, sensitive information disclosure and security restriction bypass on the targeted system.
[Updated on 2026-01-26]
Updated Description, Risk level changed to high, and Related Links.
Note: CVE-2025-59718 is being exploited in the wild. This vulnerability may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Hence, the risk level is rated as High Risk.
Impact
- Security Restriction Bypass
- Information Disclosure
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
FortiAnalyzer
- FortiAnalyzer 7.2.0 through 7.2.5
- FortiAnalyzer 7.4.0 through 7.4.2
FortiAuthenticator
- FortiAuthenticator 6.3 all versions
- FortiAuthenticator 6.4 all versions
- FortiAuthenticator 6.5 all versions
- FortiAuthenticator 6.6.0 through 6.6.6
FortiManager
- FortiManager 6.4 all versions
- FortiManager 7.0 all versions
- FortiManager 7.2.0 through 7.2.5
- FortiManager 7.4.0 through 7.4.2
FortiOS
- FortiOS 6.4 all versions
- FortiOS 7.0 all versions
- FortiOS 7.2 all versions
- FortiOS 7.4.0 through 7.4.8
- FortiOS 7.6.0 through 7.6.3
FortiPortal
- FortiPortal 6.0 all versions
FortiProxy
- FortiProxy 7.0.0 through 7.0.21
- FortiProxy 7.2.0 through 7.2.14
- FortiProxy 7.4.0 through 7.4.10
- FortiProxy 7.6.0 through 7.6.3
FortiSwitchManager
- FortiSwitchManager 7.0.0 through 7.0.5
- FortiSwitchManager 7.2.0 through 7.2.6
FortiWeb
- FortiWeb 7.0.0 through 7.0.11
- FortiWeb 7.2.0 through 7.2.11
- FortiWeb 7.4.0 through 7.4.10
- FortiWeb 7.6.0 through 7.6.5
- FortiWeb 8.0.0 through 8.0.1
FortiPAM
- FortiPAM 1.0 all versions
- FortiPAM 1.1 all versions
- FortiPAM 1.2 all versions
- FortiPAM 1.3 all versions
- FortiPAM 1.4 all versions
FortiSASE
- FortiSASE 24.1.b
FortiSRA
- FortiSRA 1.4 all versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://fortiguard.fortinet.com/psirt/FG-IR-24-133
- https://fortiguard.fortinet.com/psirt/FG-IR-24-268
- https://fortiguard.fortinet.com/psirt/FG-IR-25-411
- https://fortiguard.fortinet.com/psirt/FG-IR-25-554
- https://fortiguard.fortinet.com/psirt/FG-IR-25-616
- https://fortiguard.fortinet.com/psirt/FG-IR-25-647
- https://fortiguard.fortinet.com/psirt/FG-IR-25-945
- https://fortiguard.fortinet.com/psirt/FG-IR-25-984
Vulnerability Identifier
- CVE-2024-40593
- CVE-2024-47570
- CVE-2025-57823
- CVE-2025-59718
- CVE-2025-59719
- CVE-2025-59923
- CVE-2025-62631
- CVE-2025-64447
- CVE-2025-64471
Source
Related Link
- https://fortiguard.fortinet.com/psirt/FG-IR-24-133
- https://fortiguard.fortinet.com/psirt/FG-IR-24-268
- https://fortiguard.fortinet.com/psirt/FG-IR-25-411
- https://fortiguard.fortinet.com/psirt/FG-IR-25-554
- https://fortiguard.fortinet.com/psirt/FG-IR-25-616
- https://fortiguard.fortinet.com/psirt/FG-IR-25-647
- https://fortiguard.fortinet.com/psirt/FG-IR-25-945
- https://fortiguard.fortinet.com/psirt/FG-IR-25-984
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Related Tags
Share with