PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details on how to raise a PSIRT issue with Fortinet, see our PSIRT Policy. For the recommended upgrade path, see our Upgrade Path Tool Table.


Total: 290

PSIRT
Description
Affected Products
Updated Date
Component
Severity
FG-IR-25-667 Request smuggling attack in FortiOS
CVE-2025-55018
An HTTP request smuggling vulnerability [CWE-444] in FortiOS may allow an unauthenticated attacker to...
FortiOS 7.6.0, 7.4.9, 7.4.8, 7.4.7, 7.4.6 ...

Updated: Feb 26, 2026
Published: Feb 10, 2026
OTHERS
Medium Severity
FG-IR-26-076 OpenSSL CVE-2025-15467
CVE-2025-15467
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a...
FortiAP 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.6 ... FortiClientWindows 7.4.5, 7.4.4, 7.4.3, 7.4.2, 7.4.1 ... FortiNAC-F 7.6.5, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ...

Updated: Feb 25, 2026
Published: Jan 30, 2026
OTHERS
Critical Severity
FG-IR-25-084 Heap-based buffer overflow in cw_acd daemon
CVE-2025-25249
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiSwitchManager cw_acd daemon may...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.8 ... FortiSwitchManager 7.2.6, 7.2.5, 7.2.4, 7.2.3, 7.2.2 ...

Updated: Feb 23, 2026
Published: Jan 13, 2026
OTHERS
High Severity
FG-IR-25-384 Firewall policy bypass in FSSO Terminal Services Agent
CVE-2025-62439
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in FortiOS FSSO...
FortiOS 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Published: Feb 10, 2026
OTHERS
Low Severity
FG-IR-25-795 Format String Vulnerability in CAPWAP fast-failover mode
CVE-2025-64157
A Use of Externally-Controlled Format String vulnerability [CWE-134] in FortiGate may allow an...
FortiOS 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Published: Feb 10, 2026
CLI
Medium Severity
FG-IR-25-1052 LDAP authentication bypass in Agentless VPN and FSSO
CVE-2026-22153
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an...
FortiOS 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ...
Published: Feb 10, 2026
SSL-VPN
High Severity
FG-IR-25-934 SSL-VPN Symlink Persistence Patch Bypass
CVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN...
FortiOS 7.6.1, 7.6.0, 7.4.6, 7.4.5, 7.4.4 ...
Published: Feb 10, 2026
SSL-VPN
Medium Severity
FG-IR-25-093 XSS via back button
CVE-2025-52436
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability...
FortiSandbox 5.0.1, 5.0.0, 4.4.7, 4.4.6, 4.4.5 ...
Published: Feb 10, 2026
GUI
High Severity
FG-IR-26-060 Administrative FortiCloud SSO authentication bypass
CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS,...
FortiAnalyzer 7.6.5, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ... FortiManager 7.6.5, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ... FortiOS 7.6.5, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ... FortiProxy 7.6.4, 7.6.3, 7.6.2, 7.6.1, 7.6.0 ... FortiSwitchManager 7.2.8, 7.2.7, 7.2.6, 7.2.5, 7.2.4 ... FortiWeb 8.0.3, 8.0.2, 8.0.1, 8.0.0, 7.6.6 ...
Published: Jan 27, 2026
GUI
Critical Severity
FG-IR-25-783 SSRF in GUI console
CVE-2025-67685
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in FortiSandbox may allow an authenticated...
FortiSandbox 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0 ...
Published: Jan 13, 2026
GUI
Low Severity
FG-IR-23-494 `Host` header injection
CVE-2022-23439
An externally controlled reference to a resource in another sphere vulnerability [CWE-610] in multiple...
FortiADC 7.0.1, 7.0.0, 6.2.3, 6.2.2, 6.2.1 ... FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.12, 7.2.11 ... FortiAuthenticator 6.4.1, 6.4.0, 6.3.3, 6.3.2, 6.3.1 ... FortiDDoS 5.5.1, 5.5.0, 5.4.3, 5.4.2, 5.4.1 ... FortiDDoS-F 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.3 ... FortiMail 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8 ... FortiManager 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.12 ... FortiNDR 7.2.0, 7.1.0, 7.0.7, 7.0.6, 7.0.5 ... FortiOS 7.2.4, 7.2.3, 7.2.2, 7.2.1, 7.2.0 ... FortiPortal 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5 ... FortiProxy 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 ... FortiRecorder 6.4.2, 6.4.1, 6.4.0, 6.0.10, 6.0.9 ... FortiSOAR on-premise 7.2.2, 7.2.1, 7.2.0, 7.0.3, 7.0.2 ... FortiSwitch 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 ... FortiTester 7.2.1, 7.2.0, 7.1.1, 7.1.0, 7.0.0 ... FortiVoice 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6 ... FortiWLC 8.6.7, 8.6.6, 8.6.5, 8.6.4, 8.6.3 ...

Updated: Jan 07, 2026
Published: Jan 14, 2025
GUI
Medium Severity
FG-IR-24-133 Private key readable by admin
CVE-2024-40593
A key management error vulnerability [CWE-320] in FortiManager, FortiAnalyzer and FortiPortal may allow an...
FortiAnalyzer 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ... FortiManager 7.4.2, 7.4.1, 7.4.0, 7.2.5, 7.2.4 ... FortiOS 7.6.0, 7.4.4, 7.2.7, 7.0.14 FortiPortal 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11 ...

Updated: Dec 10, 2025
Published: Dec 09, 2025
CLI
Medium Severity
FG-IR-24-268 Insertion of sensitive information into REST API logs
CVE-2024-47570
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS, FortiProxy,...
FortiOS 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.7 ... FortiPAM 1.4.3, 1.4.2, 1.4.1, 1.4.0, 1.3.1 ... FortiProxy 7.4.3, 7.4.2, 7.4.1, 7.4.0, 7.2.11 ... FortiSASE 24.1.10 FortiSRA 1.4.3, 1.4.2, 1.4.1, 1.4.0
Published: Dec 09, 2025
OTHERS
Medium Severity
FG-IR-25-411 Insufficient Session Expiration in SSLVPN
CVE-2025-62631
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSLVPN may allow an attacker to...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.7 ...
Published: Dec 09, 2025
SSL-VPN
Medium Severity
FG-IR-25-647 Multiple Fortinet Products' FortiCloud SSO Login Authentication Bypass
CVE-2025-59718 CVE-2025-59718
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb,...
FortiOS 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.8 ... FortiProxy 7.6.3, 7.6.2, 7.6.1, 7.6.0, 7.4.10 ... FortiSwitchManager 7.2.6, 7.2.5, 7.2.4, 7.2.3, 7.2.2 ... FortiWeb 8.0.0, 7.6.4, 7.6.3, 7.6.2, 7.6.1 ...
Published: Dec 09, 2025
GUI
Critical Severity