Multiple WordPress Plugins Vulnerabilities
June 13, 2025
Multiple Palo Alto Networks Products Vulnerabilities
June 14, 2025
Severity
Medium
Analysis Summary
CVE-2025-31104 CVSS: 7.2
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in affected FortiADC versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests.
CVE-2025-24471 CVSS: 6.5
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS may allow an EAP-verified remote user to connect from FortiClient using a revoked certificate.
CVE-2025-22256 CVSS: 6.3
An improper handling of insufficient permissions or privileges vulnerability in Fortinet FortiPAM and FortiSRA allows an attacker to bypass access controls via specially crafted HTTP requests.
CVE-2024-50562 CVSS: 4.8
An Insufficient Session Expiration vulnerability [CWE-613] in affected FortiOS SSL-VPN versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, even though the session has expired or was logged out.
CVE-2024-45329 CVSS: 4.3
An authorization bypass through user-controlled key vulnerability in affected Fortinet FortiPortal versions may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
CVE-2024-32119 CVSS: 4.8
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS allows an unauthenticated attacker with knowledge of the targeted user's FCTUID and VDOM to perform operations, such as uploading or tagging, on behalf of that user via specially crafted TCP requests.
Impact
- Security Bypass
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-31104
CVE-2025-24471
CVE-2025-22256
CVE-2024-50562
CVE-2024-45329
CVE-2024-32119
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiClientEMS 6.4
- Fortinet FortiProxy 7.0.0
- Fortinet FortiProxy 7.0.1
- Fortinet FortiADC 6.2.0
- Fortinet FortiADC 6.1
- Fortinet FortiADC 7.2.0
- Fortinet FortiClientEMS 6.2
- Fortinet FortiClientEMS 7.0.0
- Fortinet FortiOS 6.4
- Fortinet FortiOS 7.4.0
- Fortinet FortiClientEMS 7.2.0
- Fortinet FortiPAM 1.1
- Fortinet FortiPortal 7.2
- Fortinet FortiOS 7.6.0
- Fortinet FortiOS 7.2
- Fortinet FortiPortal 7.0
- Fortinet FortiOS 7.0
- Fortinet FortiADC 8.0
- Fortinet FortiADC 7.6
- Fortinet FortiADC 7.4
- Fortinet FortiADC 7.1
- Fortinet FortiADC 7.0
- Fortinet FortiSASE 25.1.a
- Fortinet FortiPAM 1.6
- Fortinet FortiPAM 1.5
- Fortinet FortiPAM 1.4
- Fortinet FortiPAM 1.3
- Fortinet FortiPAM 1.2
- Fortinet FortiSRA 1.6
- Fortinet FortiSRA 1.5
- Fortinet FortiSRA 1.4
- Fortinet FortiPortal 7.4
Remediation
Refer to the FortiGuard Security Advisory for patch, upgrade or suggested workaround information.
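As an added example that is not part of this advisory, the script below triages a constructed asset inventory against the affected-product list above, so that hosts needing the FortiGuard patch or workaround are surfaced. It assumes a two-component entry such as "FortiOS 7.0" covers the whole 7.0.x branch while a three-component entry such as "FortiOS 7.4.0" names a single release; the hostnames and versions in the inventory are made up.

```python
# Added example: triage a constructed asset inventory against the affected
# products listed in this advisory. Not part of the advisory itself.
# Assumption: a two-component entry such as "FortiOS 7.0" covers the whole
# 7.0.x branch, while a three-component entry such as "FortiOS 7.4.0" names
# one release. Confirm exact ranges in the FortiGuard advisory before acting.
from collections import defaultdict

AFFECTED = {  # product -> versions, transcribed from the advisory list
    "FortiADC": ["6.1", "6.2.0", "7.0", "7.1", "7.2.0", "7.4", "7.6", "8.0"],
    "FortiClientEMS": ["6.2", "6.4", "7.0.0", "7.2.0"],
    "FortiOS": ["6.4", "7.0", "7.2", "7.4.0", "7.6.0"],
    "FortiPAM": ["1.1", "1.2", "1.3", "1.4", "1.5", "1.6"],
    "FortiPortal": ["7.0", "7.2", "7.4"],
    "FortiProxy": ["7.0.0", "7.0.1"],
    "FortiSASE": ["25.1.a"],
    "FortiSRA": ["1.4", "1.5", "1.6"],
}

def is_affected(product: str, version: str) -> bool:
    """True when `version` starts with one of the product's affected entries,
    compared component-wise (so "7.0" matches 7.0.12 but not 7.01)."""
    parts = version.strip().split(".")
    for entry in AFFECTED.get(product, []):
        ep = entry.split(".")
        if parts[:len(ep)] == ep:
            return True
    return False

def triage(inventory):
    """Return {product: [hostnames]} for inventory rows that need attention.
    `inventory` is an iterable of (hostname, product, version) tuples."""
    hits = defaultdict(list)
    for host, product, version in inventory:
        if is_affected(product, version):
            hits[product].append(host)
    return dict(hits)

# Constructed inventory for demonstration; not real hosts.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.12"),      # 7.0 branch -> affected
    ("fw-edge-02", "FortiOS", "7.4.3"),       # only 7.4.0 listed -> not affected
    ("adc-dc-01", "FortiADC", "7.4.1"),       # 7.4 branch -> affected
    ("ems-corp", "FortiClientEMS", "7.2.0"),  # exact match -> affected
    ("pam-prod", "FortiPAM", "1.7"),          # not listed -> not affected
    ("sase-tenant", "FortiSASE", "25.1.a"),   # exact match -> affected
]

if __name__ == "__main__":
    for product, hosts in sorted(triage(INVENTORY).items()):
        print(f"{product}: {', '.join(hosts)}")
```

Unknown products (for example a product name not in the advisory) never match, so a typo in the inventory's product column silently hides a host; normalise product names before relying on the output.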