Description:
Fortinet has released security updates to address multiple vulnerabilities in several Fortinet products or components. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.
Reports indicate that the authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) in Fortinet products are being exploited in the wild. System administrators are advised to take immediate action to patch their affected systems and mitigate the elevated risk of cyber attacks.
Affected Systems:
- FortiAnalyzer version 7.2.0 through 7.2.5, version 7.4.0 through 7.4.2
- FortiAuthenticator version 6.3 (all versions), version 6.4 (all versions), version 6.5 (all versions), version 6.6.0 through 6.6.6
- FortiExtender version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.7, version 7.6.0 through 7.6.3
- FortiManager version 6.4 (all versions), version 7.0 (all versions), version 7.2.0 through 7.2.5, version 7.4.0 through 7.4.2
- FortiOS version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.8, version 7.6.0 through 7.6.3
- FortiPAM version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 1.3 (all versions), version 1.4 (all versions)
- FortiPortal version 6.0 (all versions), version 7.4.0 through 7.4.5
- FortiProxy version 7.0.0 through 7.0.21, version 7.2.0 through 7.2.14, version 7.4.0 through 7.4.10, version 7.6.0 through 7.6.3
- FortiSASE version 24.1.b
- FortiSandbox version 4.0 (all versions), version 4.2 (all versions), version 4.4.0 through 4.4.7, version 5.0.0 through 5.0.2
- FortiSOAR on-premise version 7.3 (all versions), version 7.4 (all versions), version 7.5.0 through 7.5.1, version 7.6.0 through 7.6.2
- FortiSOAR PaaS version 7.3 (all versions), version 7.4 (all versions), version 7.5.0 through 7.5.1, version 7.6.0 through 7.6.2
- FortiSRA version 1.4 (all versions)
- FortiSwitchManager version 7.0.0 through 7.0.5, version 7.2.0 through 7.2.6
- FortiVoice version 6.0 (all versions), version 6.4 (all versions), version 7.0.0 through 7.0.7, version 7.2.0 through 7.2.2
- FortiWeb version 7.0.0 through 7.0.11, version 7.2.0 through 7.2.11, version 7.4.0 through 7.4.10, version 7.6.0 through 7.6.5, version 8.0.0 through 8.0.1
For detailed information on the affected products, please refer to the 'Affected Products' section of the corresponding security advisory on the vendor's website.
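The affected-version list above mixes three notations ("X.Y (all versions)", "A through B", and a bare version such as 24.1.b), which makes manual triage of a fleet error-prone. The following script is an added example, not part of the advisory and not Fortinet's own tooling: it parses the list exactly as printed above and reports whether each host in an inventory falls inside an affected range. It assumes that "(all versions)" means any version sharing that major.minor prefix, that "through" ranges are inclusive at both ends, and that a bare version is an exact match; the inventory entries in main() are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Copy of the advisory's "Affected Systems" list, embedded here as sample input.
ADVISORY_LINES = """\
- FortiAnalyzer version 7.2.0 through 7.2.5, version 7.4.0 through 7.4.2
- FortiAuthenticator version 6.3 (all versions), version 6.4 (all versions), version 6.5 (all versions), version 6.6.0 through 6.6.6
- FortiExtender version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.7, version 7.6.0 through 7.6.3
- FortiManager version 6.4 (all versions), version 7.0 (all versions), version 7.2.0 through 7.2.5, version 7.4.0 through 7.4.2
- FortiOS version 6.4 (all versions), version 7.0 (all versions), version 7.2 (all versions), version 7.4.0 through 7.4.8, version 7.6.0 through 7.6.3
- FortiPAM version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 1.3 (all versions), version 1.4 (all versions)
- FortiPortal version 6.0 (all versions), version 7.4.0 through 7.4.5
- FortiProxy version 7.0.0 through 7.0.21, version 7.2.0 through 7.2.14, version 7.4.0 through 7.4.10, version 7.6.0 through 7.6.3
- FortiSASE version 24.1.b
- FortiSandbox version 4.0 (all versions), version 4.2 (all versions), version 4.4.0 through 4.4.7, version 5.0.0 through 5.0.2
- FortiSOAR on-premise version 7.3 (all versions), version 7.4 (all versions), version 7.5.0 through 7.5.1, version 7.6.0 through 7.6.2
- FortiSOAR PaaS version 7.3 (all versions), version 7.4 (all versions), version 7.5.0 through 7.5.1, version 7.6.0 through 7.6.2
- FortiSRA version 1.4 (all versions)
- FortiSwitchManager version 7.0.0 through 7.0.5, version 7.2.0 through 7.2.6
- FortiVoice version 6.0 (all versions), version 6.4 (all versions), version 7.0.0 through 7.0.7, version 7.2.0 through 7.2.2
- FortiWeb version 7.0.0 through 7.0.11, version 7.2.0 through 7.2.11, version 7.4.0 through 7.4.10, version 7.6.0 through 7.6.5, version 8.0.0 through 8.0.1
"""

Version = Tuple[Union[int, str], ...]

ENTRY_RE = re.compile(r"^-\s*(?P<product>.+?) version (?P<rest>.+)$")
PREFIX_RE = re.compile(r"^(\S+) \(all versions\)$")
SPAN_RE = re.compile(r"^(\S+) through (\S+)$")


def parse_version(text: str) -> Version:
    """Split '7.4.8' into (7, 4, 8); non-numeric parts such as 'b' stay strings."""
    return tuple(int(p) if p.isdigit() else p for p in text.strip().split("."))


def _sort_key(v: Version):
    # Make mixed int/str components comparable: numbers sort before strings.
    return tuple((0, p) if isinstance(p, int) else (1, p) for p in v)


@dataclass
class AffectedRange:
    kind: str                     # "prefix", "span" or "exact"
    low: Version
    high: Optional[Version] = None

    def contains(self, v: Version) -> bool:
        if self.kind == "prefix":             # "6.4 (all versions)" matches 6.4.*
            return v[: len(self.low)] == self.low
        if self.kind == "exact":              # bare version, e.g. 24.1.b
            return v == self.low
        # "A through B": inclusive on both ends, compared component-wise
        return _sort_key(self.low) <= _sort_key(v) <= _sort_key(self.high)


def parse_entry(line: str) -> Tuple[str, List[AffectedRange]]:
    """Turn one '- Product version ...' line into (product, ranges)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised advisory line: {line!r}")
    ranges: List[AffectedRange] = []
    for chunk in m.group("rest").split(", version "):
        chunk = chunk.strip()
        p, s = PREFIX_RE.match(chunk), SPAN_RE.match(chunk)
        if p:
            ranges.append(AffectedRange("prefix", parse_version(p.group(1))))
        elif s:
            ranges.append(AffectedRange("span", parse_version(s.group(1)), parse_version(s.group(2))))
        else:
            ranges.append(AffectedRange("exact", parse_version(chunk)))
    return m.group("product"), ranges


def load_table(text: str) -> Dict[str, List[AffectedRange]]:
    return dict(parse_entry(l) for l in text.splitlines() if l.strip())


def is_affected(product: str, version: str, table: Dict[str, List[AffectedRange]]) -> bool:
    """True if the product/version pair lies in any affected range of this advisory."""
    v = parse_version(version)
    return any(r.contains(v) for r in table.get(product, []))


def triage(inventory, table):
    """inventory: iterable of (host, product, version) -> list with an affected flag appended."""
    return [(host, prod, ver, is_affected(prod, ver, table)) for host, prod, ver in inventory]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts), not real data.
    inventory = [("fw-edge-01", "FortiOS", "7.4.8"), ("fw-edge-02", "FortiOS", "7.4.9"),
                 ("mgr-01", "FortiManager", "7.2.6"), ("sase-01", "FortiSASE", "24.1.b")]
    for host, prod, ver, hit in triage(inventory, load_table(ADVISORY_LINES)):
        print(f"{host:12} {prod:14} {ver:8} {'PATCH NOW' if hit else 'not in advisory ranges'}")
```

A version with fewer components than a range boundary (for example "7.4" against "7.4.0 through 7.4.8") compares as lower than the range start and is reported as not affected; normalise such inventory strings before triage, or treat a missing patch level as the earliest build.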
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security restriction bypass on an affected system.
Recommendation:
Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate action to mitigate the risk.
More Information:
- https://fortiguard.fortinet.com/psirt/FG-IR-24-133
- https://fortiguard.fortinet.com/psirt/FG-IR-24-268
- https://fortiguard.fortinet.com/psirt/FG-IR-25-032
- https://fortiguard.fortinet.com/psirt/FG-IR-25-362
- https://fortiguard.fortinet.com/psirt/FG-IR-25-411
- https://fortiguard.fortinet.com/psirt/FG-IR-25-454
- https://fortiguard.fortinet.com/psirt/FG-IR-25-477
- https://fortiguard.fortinet.com/psirt/FG-IR-25-479
- https://fortiguard.fortinet.com/psirt/FG-IR-25-554
- https://fortiguard.fortinet.com/psirt/FG-IR-25-599
- https://fortiguard.fortinet.com/psirt/FG-IR-25-601
- https://fortiguard.fortinet.com/psirt/FG-IR-25-616
- https://fortiguard.fortinet.com/psirt/FG-IR-25-647
- https://fortiguard.fortinet.com/psirt/FG-IR-25-739
- https://fortiguard.fortinet.com/psirt/FG-IR-25-812
- https://fortiguard.fortinet.com/psirt/FG-IR-25-945
- https://fortiguard.fortinet.com/psirt/FG-IR-25-984
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47570
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53949
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54353
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54838
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59719
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59808
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59810
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59923
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64447
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64471