Severity
Medium
Analysis Summary
CVE-2025-47294 CVSS:5.3
An integer overflow or wraparound in Fortinet FortiOS may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request.
CVE-2025-47295 CVSS:7.5
A buffer over-read in Fortinet FortiOS may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control.
CVE-2025-46777 CVSS:2.3
An insertion of sensitive information into a log file in Fortinet FortiPortal may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log.
CVE-2025-22252 CVSS:9.8
A missing authentication for critical function in Fortinet FortiProxy, FortiSwitchManager, and FortiOS may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.
CVE-2024-54020 CVSS:7.8
A missing authorization in Fortinet FortiManager versions may allow an authenticated attacker to overwrite global threat feeds via crafted update requests.
Impact
- Denial of Service
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-47295
CVE-2025-47294
CVE-2025-46777
CVE-2025-22252
CVE-2024-54020
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiManager 7.0.0
- Fortinet FortiProxy 7.2.0
- Fortinet FortiManager 6.4
- Fortinet FortiOS 7.0.14
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 7.0.0
- Fortinet FortiOS 7.2.7
- Fortinet FortiManager 7.6
- Fortinet FortiManager 7.2
- Fortinet FortiManager 7.4
- Fortinet FortiProxy 7.6
- Fortinet FortiProxy 7.4
- Fortinet FortiProxy 2.0
- Fortinet FortiSwitchManager 7.2
- Fortinet FortiSwitchManager 2.0
Remediation
Refer to FortiGuard Security Advisory for patch, upgrade or suggested workaround information.