Security Alert (A25-10-14): Multiple Vulnerabilities in Fortinet Products


 

Published on: 15 October 2025

Share on Facebook    Share on X   

Description:

Fortinet has released security updates to address multiple vulnerabilities in several Fortinet products or components. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.

 

Affected Systems:

  • FortiOS version 6.0 (all versions), version 6.2 (all versions), version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.8, version 7.6.0 through 7.6.3
  • FortiProxy version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 2.0 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4 (all versions), version 7.6.0 through 7.6.3
  • FortiManager version 6.0 (all versions), version 6.2 (all versions), version 6.4 (all versions), version 7.0.0 through 7.0.13, version 7.2.0 through 7.2.9, version 7.4.1 through 7.4.5, version 7.6.0 through 7.6.1
  • FortiManager Cloud version 6.4 (all versions), version 7.0.1 through 7.0.13, version 7.2.1 through 7.2.8, version 7.4.1 through 7.4.5, version 7.6.2
  • FortiAnalyzer version 6.0 (all versions), version 6.2 (all versions), version 6.4 (all versions), version 7.0.0 through 7.0.13, version 7.2.0 through 7.2.8, version 7.4.0 through 7.4.5, version 7.6.0 through 7.6.2
  • FortiAnalyzer Cloud version 6.4 (all versions), version 7.0.1 through 7.0.13, version 7.2.1 through 7.2.8, version 7.4.1 through 7.4.5
  • FortiMail version 7.0 (all versions), version 7.2.0 through 7.2.6, version 7.4.0 through 7.4.2
  • FortiNDR version 1.5 (all versions), version 7.0 (all versions), version 7.1 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.8, version 7.6.0 through 7.6.1
  • FortiPAM version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 1.3 (all versions), version 1.4.0 through 1.4.2, version 1.5.0
  • FortiRecorder version 7.0.0 through 7.0.4, version 7.2.0 through 7.2.1
  • FortiSASE version 24.3.a, version 25.3.a
  • FortiSRA version 1.4.0 through 1.4.2, version 1.5.0
  • FortiSwitchManager version 7.0.0 through 7.0.3, version 7.2.0 through 7.2.5
  • FortiTester version 4.2 (all versions), version 7.0 (all versions), version 7.1 (all versions), version 7.2 (all versions), version 7.3 (all versions), version 7.4.0 through 7.4.2
  • FortiVoice version 6.0.7 through 6.0.12, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.4
  • FortiWeb version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.4, version 7.6.0
  • FortiClientMac version 7.0 (all versions), version 7.2.0 through 7.2.11, version 7.4.0 through 7.4.3
  • FortiClientWindows version 7.0 (all versions), version 7.2.0 through 7.2.11, version 7.4.0 through 7.4.3

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://fortiguard.fortinet.com/psirt/FG-IR-23-354
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-041
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-228
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-361
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-372
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-442
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-452
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-457
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-487
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-542
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-546
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-010
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-037
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-126
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-198
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-378
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-653
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-664
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-684
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-685
  • https://fortiguard.fortinet.com/psirt/FG-IR-25-756
  • https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20251015
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46718
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26008
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47569
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50571
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22258
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25252 (to CVE-2025-25253)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25255
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31366
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31514
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47890
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49201
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53845
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54822
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54973
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57740
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58325
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58903


Tag: Fortinet , FortiOS , FortiProxy , FortiManager , FortiAnalyzer , FortiMail , FortiNDR , FortiPAM , FortiRecorder , FortiSASE , FortiSRA , FortiSwitchManager , FortiTester , FortiVoice , FortiWeb , FortiClientMac , FortiClientWindows
Tags