
CVE-2024-45329
https://notcve.org/view.php?id=CVE-2024-45329
10 Jun 2025 — An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-274 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVE-2025-46777
https://notcve.org/view.php?id=CVE-2025-46777
28 May 2025 — An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. • https://fortiguard.fortinet.com/psirt/FG-IR-24-380 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-40590
https://notcve.org/view.php?id=CVE-2024-40590
14 Mar 2025 — An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. • https://fortiguard.fortinet.com/psirt/FG-IR-22-155 • CWE-295: Improper Certificate Validation •

CVE-2025-24470
https://notcve.org/view.php?id=CVE-2025-24470
11 Feb 2025 — An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-015 • CWE-41: Improper Resolution of Path Equivalence •