PT-2026-32650

A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or...

CVE-2025-62631

Fortinet FortiOS versions affected by CVE-2025-62631: FortiOS 7.4.0, all 7.2 versions, all 7.0 versions, and all 6.4 versions. The issue is an insufficient session expiration (CWE-613) that lets an attacker maintain access to network resources via an active SSLVPN session not terminated after a u...

PT-2025-50125

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.4, 7.0, 7.2, and 7.4.0 Description An insufficient session expiration exists in Fortinet FortiOS. Specifically, an active SSLVPN session may not terminate after a user’s password change under certain conditions. Thi...

CVE-2020-9295

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious...

CVE-2022-45861

An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...