CVSS: 6.0 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2024-40593
https://notcve.org/view.php?id=CVE-2024-40593
11 Dec 2025 — A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell. • https://fortiguard.fortinet.com/psirt/FG-IR-24-133 • CWE-320: Key Management Errors •
CVSS: 6.8 • EPSS: 0% • CPEs: 12 • EXPL: 0 • CVE-2024-47570
https://notcve.org/view.php?id=CVE-2024-47570
09 Dec 2025 — An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration). • https://fortiguard.fortinet.com/psirt/FG-IR-24-268 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0 • EPSS: 5% • CPEs: 10 • EXPL: 0 • CVE-2025-59718 – Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
https://notcve.org/view.php?id=CVE-2025-59718
09 Dec 2025 — An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML res... • https://fortiguard.fortinet.com/psirt/FG-IR-25-647 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62631
https://notcve.org/view.php?id=CVE-2025-62631
09 Dec 2025 — An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change, under particular conditions outside of the attacker's control. • https://fortiguard.fortinet.com/psirt/FG-IR-25-411 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-53843
https://notcve.org/view.php?id=CVE-2025-53843
18 Nov 2025 — A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to execute unauthorized code or commands via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-25-358 • CWE-121: Stack-based Buffer Overflow •
CVSS: 1.9 • EPSS: 0% • CPEs: 16 • EXPL: 0 • CVE-2025-54821
https://notcve.org/view.php?id=CVE-2025-54821
18 Nov 2025 — An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an a... • https://fortiguard.fortinet.com/psirt/FG-IR-25-545 • CWE-269: Improper Privilege Management •
CVSS: 7.5 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-58413
https://notcve.org/view.php?id=CVE-2025-58413
18 Nov 2025 — A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows an attacker to execute unauthorized code or commands via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-25-632 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-31514
https://notcve.org/view.php?id=CVE-2025-31514
14 Oct 2025 — An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command. • https://fortiguard.fortinet.com/psirt/FG-IR-24-452 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-54822
https://notcve.org/view.php?id=CVE-2025-54822
14 Oct 2025 — An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows an authenticated attacker to access static files of other VDOMs via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-684 • CWE-285: Improper Authorization •
CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-25252
https://notcve.org/view.php?id=CVE-2025-25252
14 Oct 2025 — An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record. • https://fortiguard.fortinet.com/psirt/FG-IR-24-487 • CWE-613: Insufficient Session Expiration •
