CVE-2023-29184 CVSS:3.2

Fortinet FortiOS and FortiProxy could allow a remote attacker to bypass security restrictions to add SSH key files on the system via crafted CLI requests, caused by an incomplete cleanup vulnerability.

CVE-2025-25250 CVSS:4.3

Fortinet FortiOS could allow a remote attacker to obtain sensitive information, caused by the exposure of sensitive information through data queries vulnerability. A remote attacker could access full SSL-VPN settings via crafted URL.

CVE-2023-48786 CVSS:4.3

Fortinet FortiClientEMS is vulnerable to server-side request forgery. By using a specially-crafted argument, an attacker could exploit this vulnerability to conduct SSRF attack.

CVE-2025-22254 CVSS:6.6

Fortinet FortiOS, FortiProxy and FortiWeb could allow a remote attacker to bypass security restrictions, caused by an improper privilege management vulnerability. By sending a specially crafted request to Node.js websocket module, an attacker could exploit this vulnerability to gain super-admin.

CVE-2025-22251 CVSS:3.1

Fortinet FortiOS could allow a remote attacker to hijack a user's session, caused by improper restriction of the communication channel to intended endpoints. By sending crafted FGSP session synchronization packets, an attacker could exploit this vulnerability to inject unauthorized sessions.

CVE-2024-54019 CVSS:4.8

Fortinet FortiClientWindows could allow a remote attacker to bypass security restrictions, caused by an improper certificate validation vulnerability. An attacker could redirect VPN connections via DNS spoofing or another form of redirection.

CVE-2024-50568 CVSS:5.9

Fortinet FortiOS and FortiProxy could allow a remote attacker to conduct spoofing attacks, caused by a channel accessible by a non-endpoint vulnerability. By using specially crafted TCP requests with knowledge of device-specific data, an attacker can spoof the identity of a downstream device of the security fabric.