CVE-2025-53844
- EPSS 0.02%
- Published 12.05.2026 16:54:10
- Last modified 15.05.2026 14:04:00
An out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVE-2025-61624
- EPSS 0.09%
- Published 14.04.2026 15:39:51
- Last modified 12.05.2026 13:17:23
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all version...
CVE-2025-53847
- EPSS 0.05%
- Published 14.04.2026 15:38:06
- Last modified 12.05.2026 13:17:21
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allo...
CVE-2025-55018
- EPSS 0.08%
- Published 10.02.2026 15:39:12
- Last modified 12.05.2026 13:17:22
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenti...
CVE-2025-62439
- EPSS 0.02%
- Published 10.02.2026 15:39:12
- Last modified 12.05.2026 13:17:23
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated us...
CVE-2025-64157
- EPSS 0.02%
- Published 10.02.2026 15:39:12
- Last modified 12.05.2026 13:17:23
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or comm...
CVE-2025-68686
- EPSS 0.03%
- Published 10.02.2026 15:39:12
- Last modified 12.02.2026 14:49:23
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may...
CVE-2026-22153
- EPSS 0.08%
- Published 10.02.2026 15:39:12
- Last modified 12.02.2026 16:03:10
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP serve...
CVE-2026-25815
- EPSS 0%
- Published 05.02.2026 21:14:09
- Last modified 15.04.2026 00:35:42
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). ...
CVE-2026-24858
- EPSS 3.95%
- Published 27.01.2026 19:18:23
- Last modified 12.05.2026 18:47:28
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15...