Fortinet Product Security Team discovered a security vulnerability impacting FortiOS and FortiSwitchManager. Tracked as CVE-2025-25249, the vulnerability is a high-severity issue with a CVSS score of 7.3. The heap-based buffer overflow vulnerability exists in FortiOS and FortiSwitchManager cw_acd daemon. The vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Tag: FortiSwitch Mnaager
FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)
Fortinet has patched a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager products. Tracked as CVE-2022-40684, this is an authentication bypass vulnerability that could allow an attacker to perform unauthorized operations on vulnerable devices. CISA has added this vulnerability to its Known Exploitable Vulnerabilities Catalog. Fortinet addressed the vulnerability by tweeting, “Due to the ability … Continue reading “FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)”