Security Alert (A25-04-10): Multiple Vulnerabilities in Fortinet Products


 

Published on: 09 April 2025

  
  

Description:

Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.

 

Affected Systems:

  • FortiAnalyzer
  • FortiClientEMS
  • FortiIsolator
  • FortiManager
  • FortiOS
  • FortiProxy
  • FortiWeb
  • FortiSwitch

For detailed information of the affected products, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering of affected system.

 

Recommendation:

Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://fortiguard.fortinet.com/psirt/FG-IR-23-165
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-392
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-435
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-046
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-397
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-453
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-111
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-184
  • https://fortiguard.fortinet.com/psirt/FG-IR-23-344
  • https://fortiguard.fortinet.com/psirt/FG-IR-24-474
  • https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_new_20250409
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37930
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26013
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46671
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48887
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50565
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52962
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54025
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22855
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25254


Tag: Fortinet , FortiAnalyzer , FortiClient , FortiIsolator , FortiManager , FortiOS , FortiProxy , FortiWeb , FortiSwitch
Tags