- 129/2025
- High
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, conduct server-side request forgery attacks, bypass security restrictions, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Multiple OS Command Injection in Web Vulnerability Scanner (CVE-2025- 31104):
- CVSS: 7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Fortinet FortiOS Improper Privilege Management Vulnerability in GUI Websocket Module (CVE-2025-22254):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- FortiManager.
- FortiAnalyzer.
- FortiOS.
- FortiProxy.
- FortiWeb.
Vulnerabilities
- CVE-2025-24471
- CVE-2024-50568
- CVE-2024-32119
- CVE-2023-29184
- CVE-2025-22862
- CVE-2025-22254
- CVE-2023-42788
- CVE-2025-31104
- CVE-2024-50562
- CVE-2024-45329
- CVE-2025-25250
- CVE-2025-22256
- CVE-2024-54019
- CVE-2025-22251
- CVE-2023-48786
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.