Exploit for Missing Authentication for Critical Function in Fortinet Fortios

🗓️ 16 Oct 2025 22:18:09Reported by ayewoType

githubexploit

githubexploit🔗 github.com👁 151 Views

FortiOS LDAP misconfiguration enables credential exfiltration via MITM on local subnet.

Reporter	Title	Published	Views	Family All 31
ICS	Top Routinely Exploited Vulnerabilities	20 Aug 202112:00	–	ics
ICS	Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities	19 Nov 202112:00	–	ics
ICS	Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations	14 Sep 202212:00	–	ics
ATTACKERKB	CVE-2018-13379 Path Traversal in Fortinet FortiOS	4 Jun 201900:00	–	attackerkb
ATTACKERKB	CVE-2019-5591	14 Aug 202000:00	–	attackerkb
BDU FSTEC	The vulnerability of the FortiOS operating system, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.	17 Dec 201900:00	–	bdu_fstec
Circl	CVE-2019-5591	14 Aug 202020:55	–	circl
CISA KEV Catalog	Fortinet FortiOS Default Configuration Vulnerability	3 Nov 202100:00	–	cisa_kev
CISA	FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities	2 Apr 202100:00	–	cisa
CVE	CVE-2019-5591	14 Aug 202015:28	–	cve

16 Oct 2025 22:18Current

6.8Medium risk

Vulners AI Score6.8

CVSS 23.3

CVSS 3.16.5

EPSS0.18566

FortiOS directory service misconfiguration credential exfiltration man in middle local subnet