Fortinet Products Multiple Vulnerabilities

Release Date: 19 Nov 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and elevation of privilege on the targeted system.

Note:

CVE-2025-58034 is being exploited in the wild. This vulnerability in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Hence, the risk level is rated as High Risk.

Impact

Remote Code Execution
Elevation of Privilege
Information Disclosure

System / Technologies affected

FortiOS

FortiOS 6.0 all versions
FortiOS 6.2 all versions
FortiOS 6.4 all versions
FortiOS 7.0 all versions
FortiOS 7.2 all versions
FortiOS 7.4 all versions
FortiOS 7.4.0 through 7.4.8
FortiOS 7.6.0 through 7.6.3

FortiProxy

FortiProxy 7.0 all versions
FortiProxy 7.2 all versions
FortiProxy 7.4 all versions
FortiProxy 7.6.0 through 7.6.3

FortiWeb

FortiWeb 7.0 all versions
FortiWeb 7.0.0 through 7.0.11
FortiWeb 7.2 all versions
FortiWeb 7.2.0 through 7.2.11
FortiWeb 7.4 all versions
FortiWeb 7.4.0 through 7.4.10
FortiWeb 7.6.0 through 7.6.5
FortiWeb 8.0.0 through 8.0.1

FortiMail

FortiMail 7.0 all versions
FortiMail 7.2 all versions
FortiMail 7.4.0 through 7.4.5
FortiMail 7.6.0 through 7.6.3

FortiClientWindows

FortiClientWindows 7.0 all versions
FortiClientWindows 7.2.0 through 7.2.10
FortiClientWindows 7.4.0 through 7.4.3

FortiSASE

FortiSASE 25.3.b

FortiPAM

FortiPAM 1.0 all versions
FortiPAM 1.1 all versions
FortiPAM 1.2 all versions
FortiPAM 1.3 all versions
FortiPAM 1.4 all versions
FortiPAM 1.5 all versions
FortiPAM 1.6.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Fortinet

2025年11月19日星期三