
CVE-2025-22859
https://notcve.org/view.php?id=CVE-2025-22859
13 May 2025 — A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-552 • CWE-23: Relative Path Traversal •

CVE-2025-22855
https://notcve.org/view.php?id=CVE-2025-22855
08 Apr 2025 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code. • https://fortiguard.fortinet.com/psirt/FG-IR-23-344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-36506
https://notcve.org/view.php?id=CVE-2024-36506
14 Jan 2025 — An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. • https://fortiguard.fortinet.com/psirt/FG-IR-24-078 • CWE-940: Improper Verification of Source of a Communication Channel •