CVSS: 5.9EPSS: %CPEs: 7EXPL: 0CVE-2024-50568
https://notcve.org/view.php?id=CVE-2024-50568
10 Jun 2025 — A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-058 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 4.3EPSS: %CPEs: 5EXPL: 0CVE-2025-25250
https://notcve.org/view.php?id=CVE-2025-25250
10 Jun 2025 — An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL. • https://fortiguard.fortinet.com/psirt/FG-IR-24-257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.2EPSS: %CPEs: 9EXPL: 0CVE-2023-29184
https://notcve.org/view.php?id=CVE-2023-29184
10 Jun 2025 — An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-008 • CWE-459: Incomplete Cleanup •
CVSS: 6.6EPSS: %CPEs: 9EXPL: 0CVE-2025-22254
https://notcve.org/view.php?id=CVE-2025-22254
10 Jun 2025 — An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module. • https://fortiguard.fortinet.com/psirt/FG-IR-25-006 • CWE-269: Improper Privilege Management •
CVSS: 3.1EPSS: %CPEs: 5EXPL: 0CVE-2025-22251
https://notcve.org/view.php?id=CVE-2025-22251
10 Jun 2025 — An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-287 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 4.8EPSS: %CPEs: 16EXPL: 0CVE-2024-50562
https://notcve.org/view.php?id=CVE-2024-50562
10 Jun 2025 — An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. • https://fortiguard.fortinet.com/psirt/FG-IR-24-339 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-47294
https://notcve.org/view.php?id=CVE-2025-47294
28 May 2025 — A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. • https://fortiguard.fortinet.com/psirt/FG-IR-24-388 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.7EPSS: 0%CPEs: 4EXPL: 0CVE-2025-47295
https://notcve.org/view.php?id=CVE-2025-47295
28 May 2025 — A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. • https://fortiguard.fortinet.com/psirt/FG-IR-24-381 • CWE-126: Buffer Over-read •
CVSS: 7.6EPSS: 0%CPEs: 16EXPL: 0CVE-2024-50565
https://notcve.org/view.php?id=CVE-2024-50565
08 Apr 2025 — A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyze... • https://fortiguard.fortinet.com/psirt/FG-IR-24-046 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2024-26013
https://notcve.org/view.php?id=CVE-2024-26013
08 Apr 2025 — A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 throug... • https://fortiguard.fortinet.com/psirt/FG-IR-24-046 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •