fortinet fortiswitchmanager

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-61624
>= 7.0.0 and < 7.0.7
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0
6.0 MEDIUM
CVE-2025-25249
>= 7.0.0 and < 7.0.6
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 thr
8.1 HIGH
CVE-2025-59718
>= 7.0.0 and < 7.0.6
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.
9.8 CRITICAL
CVE-2025-49201
>= 7.2.0 and < 7.2.5
A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM
8.1 HIGH
CVE-2025-22258
>= 7.2.1 and < 7.2.6
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1
6.5 MEDIUM
CVE-2024-26008
>= 7.0.0 and < 7.0.4
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before
5.3 MEDIUM
CVE-2024-26009
>= 7.0.0 and < 7.0.4
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, Fort
8.1 HIGH
CVE-2025-22252
all versions
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2
9.8 CRITICAL
CVE-2023-25610
>= 7.0.0 and < 7.0.2
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7
9.8 CRITICAL
CVE-2023-40721
>= 7.0.0 and < 7.0.3
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet allows a privileged attacker to ex
6.7 MEDIUM
CVE-2024-26011
>= 7.0.0 and < 7.0.4
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 th
5.3 MEDIUM
CVE-2022-45862
>= 7.0.0 and < 7.2.2
An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all ver
3.7 LOW
CVE-2024-26010
>= 7.0.1 and < 7.0.4
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthent
7.5 HIGH
CVE-2023-45583
>= 7.0.0 and < 7.0.3
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 thro
6.7 MEDIUM
CVE-2024-23113
>= 7.0.0 and <= 7.0.3
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through
9.8 CRITICAL
CVE-2023-36635
all versions
An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2, 7.0.0 through 7.0.1 may allow a remote auth
7.1 HIGH
CVE-2022-42474
all versions
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and
6.5 MEDIUM
CVE-2022-41335
all versions
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before
8.8 HIGH
CVE-2022-40684
all versions
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 th
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin