Description:
Fortinet has published security advisories to address multiple vulnerabilities in Fortinet systems. For detailed information about the vulnerabilities, please refer to the corresponding security advisories on the vendor's website.
Affected Systems:
- FortiOS version 6.4 (all versions), version 7.0 (all versions), version 7.2.4 through 7.2.11, version 7.4.0 through 7.4.7, version 7.6.0 through 7.6.1
- FortiProxy version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.8, version 7.6.0 through 7.6.1
- FortiManager version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.6, version 7.6.0 through 7.6.1
- FortiAnalyzer version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.6, version 7.6.0 through 7.6.1
- FortiSASE 24.4.a
For detailed information about the affected products, please refer to the "Affected Products" section of the corresponding security advisory on the vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure, spoofing or tampering on an affected system.
Recommendation:
Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.
More Information:
- https://fortiguard.fortinet.com/psirt/FG-IR-24-053
- https://fortiguard.fortinet.com/psirt/FG-IR-24-437
- https://fortiguard.fortinet.com/psirt/FG-IR-24-511
- https://fortiguard.fortinet.com/psirt/FG-IR-25-026
- https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20250709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52965
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24477