Description:
Fortinet has released security updates to address multiple vulnerabilities in several Fortinet products or components. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.
Reports indicate that the remote code execution vulnerability (CVE-2025-58034) in FortiWeb is being exploited in the wild. System administrators are advised to take immediate action to upgrade their affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- FortiADC version 6.2 (all versions), version 7.0 (all versions), version 7.1 (all versions), version 7.2 (all versions), version 7.4 (all versions), version 7.6.0 through 7.6.3, version 8.0.0
- FortiClientWindows version 7.0 (all versions), version 7.2.0 through 7.2.10, version 7.4.0 through 7.4.3
- FortiExtender version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.6, version 7.6.0 through 7.6.1
- FortiMail version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.5, version 7.6.0 through 7.6.3
- FortiPAM version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 1.3 (all versions), version 1.4 (all versions), version 1.5 (all versions), version 1.6.0
- FortiProxy version 7.0 (all versions), version 7.2 (all versions), version 7.4 (all versions), version 7.6.0 through 7.6.3
- FortiSandbox version 4.0 (all versions), version 4.2 (all versions), version 4.4.0 through 4.4.7, version 5.0.0 through 5.0.1
- FortiSASE version 25.3.b
- FortiOS version 6.0 (all versions), version 6.2 (all versions), version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4 (all versions), version 7.6.0 through 7.6.3
- FortiVoice version 7.0.0 through 7.0.7, version 7.2.0 through 7.2.2
- FortiWeb version 7.0 (all versions), version 7.2 (all versions), version 7.4 (all versions), version 7.6.0 through 7.6.5, version 8.0.0 through 8.0.1
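The version ranges above are easy to misread by hand (for example, "7.2.10" sorts after "7.2.9" numerically but before it as a string). The following Python script is an added example, not part of this advisory or of any Fortinet tool: it transcribes the "Affected Systems" list into machine-checkable range specifications and reports which entries of a constructed sample inventory fall inside them. The range notation ("6.2.*" for "all versions", "7.6.0-7.6.3" for "through", bare "8.0.0" for a single version) is the example's own convention; the vendor advisories remain the authoritative source for affected builds.

```python
"""Check installed Fortinet product versions against the advisory's affected ranges.

Added example, not vendor code. AFFECTED is transcribed from the advisory's
"Affected Systems" list using this example's own notation:
  "6.2.*"        every version whose first two components are 6.2
  "7.6.0-7.6.3"  inclusive numeric range
  "8.0.0"        exactly that version
"""
from typing import List, Tuple, Union

Component = Union[int, str]
Version = Tuple[Component, ...]

AFFECTED = {
    "FortiADC": ["6.2.*", "7.0.*", "7.1.*", "7.2.*", "7.4.*", "7.6.0-7.6.3", "8.0.0"],
    "FortiClientWindows": ["7.0.*", "7.2.0-7.2.10", "7.4.0-7.4.3"],
    "FortiExtender": ["7.0.*", "7.2.*", "7.4.0-7.4.6", "7.6.0-7.6.1"],
    "FortiMail": ["7.0.*", "7.2.*", "7.4.0-7.4.5", "7.6.0-7.6.3"],
    "FortiPAM": ["1.0.*", "1.1.*", "1.2.*", "1.3.*", "1.4.*", "1.5.*", "1.6.0"],
    "FortiProxy": ["7.0.*", "7.2.*", "7.4.*", "7.6.0-7.6.3"],
    "FortiSandbox": ["4.0.*", "4.2.*", "4.4.0-4.4.7", "5.0.0-5.0.1"],
    "FortiSASE": ["25.3.b"],
    "FortiOS": ["6.0.*", "6.2.*", "6.4.*", "7.0.*", "7.2.*", "7.4.*", "7.6.0-7.6.3"],
    "FortiVoice": ["7.0.0-7.0.7", "7.2.0-7.2.2"],
    "FortiWeb": ["7.0.*", "7.2.*", "7.4.*", "7.6.0-7.6.5", "8.0.0-8.0.1"],
}


def parse_version(text: str) -> Version:
    """Split "7.2.10" into (7, 2, 10) so comparisons are numeric, not lexical.

    Non-numeric components (e.g. the "b" in FortiSASE "25.3.b") are kept as
    strings; such versions only ever match an exact specification.
    """
    parts: List[Component] = []
    for piece in text.strip().split("."):
        parts.append(int(piece) if piece.isdigit() else piece)
    return tuple(parts)


def matches(spec: str, version: Version) -> bool:
    """Return True if `version` falls inside one range specification."""
    if spec.endswith(".*"):                     # "all versions" of a branch
        prefix = parse_version(spec[:-2])
        return version[: len(prefix)] == prefix
    if "-" in spec:                             # inclusive "X through Y" range
        low, high = (parse_version(s) for s in spec.split("-", 1))
        try:
            return low <= version <= high
        except TypeError:                       # int vs str component: no match
            return False
    return version == parse_version(spec)       # single exact version


def is_affected(product: str, version: str) -> bool:
    """True if the given product/version pair is listed as affected."""
    specs = AFFECTED.get(product)
    if specs is None:
        raise KeyError(f"product not in advisory: {product}")
    parsed = parse_version(version)
    return any(matches(spec, parsed) for spec in specs)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Filter an inventory of (product, version) pairs down to affected entries.

    Products the advisory does not mention are skipped rather than raising.
    """
    return [(p, v) for p, v in inventory if p in AFFECTED and is_affected(p, v)]


# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE_INVENTORY = [
    ("FortiWeb", "7.6.5"),           # inside 7.6.0-7.6.5
    ("FortiWeb", "7.6.6"),           # first fixed build in that branch
    ("FortiClientWindows", "7.2.10"),  # numeric compare: 10 > 9, still inside
    ("FortiOS", "7.2.11"),           # "all versions" of 7.2
    ("FortiSASE", "25.3.b"),         # exact non-numeric version
    ("FortiManager", "7.4.5"),       # not listed in this advisory
]

if __name__ == "__main__":
    for product, version in triage(SAMPLE_INVENTORY):
        print(f"AFFECTED: {product} {version}")
```

Run it against an exported device inventory instead of `SAMPLE_INVENTORY` to get a first-pass list of hosts to patch; confirm each hit against the product's advisory link below, since some advisories fix only specific builds within a branch.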
For detailed information on the affected products, please refer to the "Affected Products" section of the corresponding security advisory on the vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure, security restriction bypass or spoofing on an affected system.
Recommendation:
Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.
More Information:
- https://fortiguard.fortinet.com/psirt/FG-IR-24-501
- https://fortiguard.fortinet.com/psirt/FG-IR-25-112
- https://fortiguard.fortinet.com/psirt/FG-IR-25-125
- https://fortiguard.fortinet.com/psirt/FG-IR-25-225
- https://fortiguard.fortinet.com/psirt/FG-IR-25-251
- https://fortiguard.fortinet.com/psirt/FG-IR-25-259
- https://fortiguard.fortinet.com/psirt/FG-IR-25-358
- https://fortiguard.fortinet.com/psirt/FG-IR-25-513
- https://fortiguard.fortinet.com/psirt/FG-IR-25-545
- https://fortiguard.fortinet.com/psirt/FG-IR-25-632
- https://fortiguard.fortinet.com/psirt/FG-IR-25-634
- https://fortiguard.fortinet.com/psirt/FG-IR-25-666
- https://fortiguard.fortinet.com/psirt/FG-IR-25-686
- https://fortiguard.fortinet.com/psirt/FG-IR-25-736
- https://fortiguard.fortinet.com/psirt/FG-IR-25-789
- https://fortiguard.fortinet.com/psirt/FG-IR-25-843
- https://fortiguard.fortinet.com/psirt/FG-IR-25-844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46373
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46775 (to CVE-2025-46776)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54821
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54971 (to CVE-2025-54972)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58412 (to CVE-2025-58413)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59669
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61713