Tag: Fortinet

Fortinet FortiClientEMS Vulnerability Exploited in the Wild (CVE-2026-35616)

Posted by Author Diksha Ojha on Posted on

Fortinet released a security advisory to address an actively exploited vulnerability impacting FortiClientEMS. Tracked as CVE-2026-35616, the vulnerability has a critical severity rating with a CVSS score of 9.1. Successful exploitation may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

FortiOS and FortiSwitchManager Code Execution Vulnerability (CVE-2025-25249)

Posted by Author Diksha Ojha on Posted on

Fortinet Product Security Team discovered a security vulnerability impacting FortiOS and FortiSwitchManager. Tracked as CVE-2025-25249, the vulnerability is a high-severity issue with a CVSS score of 7.3. The heap-based buffer overflow vulnerability exists in FortiOS and FortiSwitchManager cw_acd daemon. The vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)

Posted by Author Diksha Ojha on Posted on

Kentaro Kawane from GMO Cybersecurity discovered a vulnerability of critical severity impacting FortiWeb. Tracked as CVE-2025-25257, the vulnerability has a CVSS score of 9.6. Upon successful exploitation of the vulnerability, an unauthenticated attacker can execute unauthorized SQL code via crafted HTTP or HTTPS requests. FortiWeb is a web application firewall (WAF) designed to protect web … Continue reading “Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)”

Fortinet Addresses Code Execution Vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder & FortiCamera (CVE-2025-32756)

Posted by Author Diksha Ojha on Posted on

Fortinet released a security advisory to address a critical severity vulnerability impacting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Tracked as CVE-2025-32756, the vulnerability has a CVSS score of 9.6. A remote unauthenticated attacker may exploit the stack-based overflow vulnerability to execute arbitrary code or commands via crafted HTTP requests.

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)

Posted by Author Diksha Ojha on Posted on

Fortinet released a security advisory to address a zero-day vulnerability tracked as CVE-2024-55591. The vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet mentioned in the advisory that the authentication … Continue reading “Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)”

Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)

Posted by Author Diksha Ojha on Posted on

Fortinet released a security advisory to address an unauthenticated file read vulnerability in FortiWLM. Tracked as CVE-2024-34990, the vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to read sensitive files. The vulnerability originates from a path traversal issue that may … Continue reading “Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability (CVE-2023-34990)”

Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)

Posted by Author Diksha Ojha on Posted on

Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.