CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

PT-2026-7276

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 7.0 through 7.2.11 Fortinet FortiOS versions 7.4.0 through 7.4.9 Fortinet FortiOS versions 7.6.0 through 7.6.4 Description An issue exists in Fortinet FortiOS where a use of externally-controlled format string can all...

CVE-2025-62631

Fortinet FortiOS versions affected by CVE-2025-62631: FortiOS 7.4.0, all 7.2 versions, all 7.0 versions, and all 6.4 versions. The issue is an insufficient session expiration (CWE-613) that lets an attacker maintain access to network resources via an active SSLVPN session not terminated after a u...

CVE-2022-45861

An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...