Critical operational priority | 2025-03-31 | Exploited in the wild

FG-IR-24-535 authentication bypass using alternate path/channel

Fortinet disclosed an authentication bypass that could allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module or crafted CSF proxy requests; the vendor said it was being exploited in the wild.

Affected: FortiOS 7.0.0-7.0.16
Fixed version(s): FortiOS 7.0.17+
Critical/High operational priority | 2025-01-15 | Exploited in the wild

FG-IR-24-015 SSL-VPN out-of-bounds write

Fortinet said an out-of-bounds write in FortiOS and FortiProxy could allow remote unauthenticated code execution via crafted HTTP requests and noted potential exploitation in the wild.

Affected: FortiOS 7.4.0-7.4.2, FortiOS 7.2.0-7.2.6, FortiOS 7.0.0-7.0.13, FortiOS 6.4.0-6.4.14
Fixed version(s): FortiOS 7.4.3+, 7.2.7+, 7.0.14+, 6.4.15+