Fortinet Releases Security Advisory for Authentication Bypass Vulnerability

An authentication bypass using an alternate path or channel [CWE-288] vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, Read More …

Fortinet Releases Multiple Security Advisories

Fortinet has released security advisories to two critical vulnerabilities. The security advisories address one critical vulnerability in FortiOS, FortiProxy and FortiSwitchManager, and an exploited vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. CVE-2025-32756 is a ‘stack-based buffer overflow’ vulnerability with Read More …

Fortinet Releases Security Updates for FortiOS and FortiGate

Fortinet has released security updates for FortiOS to mitigate novel post-exploitation activity observed against FortiGate devices. The disclosure details a new persistence technique used by an attacker, in conjunction with known vulnerabilities, to maintain read-only access to FortiGate devices through Read More …

Fortinet Releases Multiple Security Advisories

Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products. Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions. FortiClient Read More …

Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)

Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet’s FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European Read More …