Overview CVE-2025-54821 is a reported Improper Privilege Management vulnerability affecting multiple Fortinet products, including FortiOS, FortiPAM, and FortiProxy. This vulnerability allows an authenticated administrator to potentially bypass the trusted host policy through the use of a crafted Command Line Interface (CLI) command. Technical Details The vulnerability, classified as CWE-269 (Improper Privilege Management), stems from insufficient validation and sanitization of user-supplied input when processing CLI commands. An attacker, already authenticated as an administrator, can exploit this weakness by crafting a specific CLI command that circumvents the intended security restrictions enforced by the trusted host policy. This policy is designed to restrict…
-
-
Published: 2025-11-18 Overview A concerning vulnerability, identified as CVE-2025-54660, has been discovered in Fortinet’s FortiClientWindows application. This medium-severity flaw could allow a local attacker to potentially retrieve saved VPN user passwords. The vulnerability stems from active debug code left in the application, allowing for step-by-step execution and data extraction. Technical Details CVE-2025-54660 resides in the debug code present in specific versions of FortiClientWindows. The affected versions include: FortiClientWindows 7.4.0 through 7.4.3 FortiClientWindows 7.2.0 through 7.2.10 FortiClientWindows 7.0 all versions The active debug code allows a local attacker to run the application in a debugging environment. By stepping through the code…
-
Overview A high-severity vulnerability, identified as CVE-2025-53843, affects multiple versions of Fortinet FortiOS. This stack-based buffer overflow vulnerability could allow a remote attacker to execute unauthorized code or commands on a vulnerable system by sending specially crafted packets. This poses a significant risk to organizations using affected FortiOS versions. Technical Details CVE-2025-53843 is a stack-based buffer overflow. Specifically, a weakness in how FortiOS handles certain incoming network packets creates an opportunity for an attacker to overwrite parts of the system’s memory. By sending carefully constructed packets, an attacker can potentially inject and execute malicious code. The exact attack vector and…
-
Overview CVE-2025-53360 is a medium severity vulnerability affecting the Database Inventory plugin for GLPI (Gestion Libre de Parc Informatique). This plugin “manages” the Teclib’ inventory agents, enabling database inventory on workstations. Prior to version 1.0.3, any authenticated user, regardless of their role or permissions, could send requests directly to inventory agents. This could potentially lead to unauthorized data access or manipulation. This issue has been resolved in version 1.0.3. Technical Details The vulnerability stemmed from insufficient access control mechanisms within the Database Inventory plugin. The plugin did not properly validate the privileges of authenticated users before allowing them to interact…
-
Published on: 2025-11-18 Overview CVE-2025-48839 describes an Out-of-Bounds Write vulnerability (CWE-787) affecting multiple versions of FortiADC. This flaw can allow an authenticated attacker to potentially execute arbitrary code by sending specially crafted HTTP requests to a vulnerable FortiADC instance. Organizations using affected versions are strongly advised to apply the appropriate patches as soon as possible. Technical Details The vulnerability lies in how FortiADC processes incoming HTTP requests. A malformed request can trigger the software to write data beyond the allocated buffer, leading to a memory corruption. This out-of-bounds write can overwrite critical program data or even executable code, potentially allowing…
-
Overview CVE-2025-47761 is a high-severity vulnerability affecting Fortinet FortiClientWindows versions 7.4.0 through 7.4.3 and 7.2.0 through 7.2.9. This vulnerability, classified as an “Exposed IOCTL with Insufficient Access Control” (CWE-782), allows an authenticated local user to potentially execute unauthorized code via the fortips driver. Technical Details The vulnerability stems from an exposed Input/Output Control (IOCTL) interface within the fortips driver that lacks proper access control. A local attacker, after successful authentication, can leverage this exposed IOCTL to interact with the driver in unintended ways. Successful exploitation would require bypassing Windows memory protections like Heap integrity and Hardware-based Stack Protection (HSP). Furthermore,…
-
Overview CVE-2025-46776 is a medium-severity vulnerability affecting Fortinet FortiExtender devices. This vulnerability, classified as a classic buffer overflow, arises from insufficient input validation when processing CLI commands. An authenticated attacker could exploit this flaw to execute arbitrary code or commands on the affected system. This article provides a detailed analysis of the vulnerability, its potential impact, and necessary mitigation steps. Technical Details The vulnerability resides in how FortiExtender handles CLI commands. Specifically, a buffer copy operation fails to adequately check the size of the input data. This allows an attacker, authenticated to the FortiExtender device, to craft malicious CLI commands…
-
Overview CVE-2025-46775 is a medium severity vulnerability affecting Fortinet FortiExtender devices. This vulnerability allows an authenticated user to potentially obtain administrator credentials through the exploitation of debug log commands. This could lead to a complete compromise of the affected FortiExtender device. This article provides a detailed analysis of the vulnerability, its potential impact, and the necessary mitigation steps to protect your FortiExtender infrastructure. Technical Details The vulnerability resides in the improper handling of debug messages within FortiExtender. Specifically, sensitive information, including administrator credentials, may be inadvertently exposed within the debug logs. An authenticated user, even with limited privileges, can potentially…
-
Overview A critical security vulnerability, identified as CVE-2025-46373, has been discovered in Fortinet FortiClientWindows. This vulnerability is a heap-based buffer overflow (CWE-122) that could allow a local, authenticated attacker to execute arbitrary code on a vulnerable system. This poses a significant risk to organizations utilizing affected versions of FortiClientWindows. Technical Details CVE-2025-46373 is a Heap-based Buffer Overflow vulnerability [CWE-122] affecting the following Fortinet FortiClientWindows versions: FortiClientWindows 7.4.0 through 7.4.3 FortiClientWindows 7.2.0 through 7.2.8 The vulnerability resides within the “fortips_74.sys” driver. An authenticated local IPSec user can exploit this vulnerability to overwrite memory on the heap, potentially leading to arbitrary code…
-
Overview CVE-2025-46215 is a medium severity vulnerability affecting Fortinet FortiSandbox. This Improper Isolation or Compartmentalization vulnerability [CWE-653] allows an unauthenticated attacker to bypass the sandboxing scan mechanism by submitting a specially crafted file. Successfully exploiting this vulnerability can prevent malicious files from being properly analyzed, leading to potential network compromise. Technical Details The vulnerability stems from a flaw in how FortiSandbox isolates and compartmentalizes the analyzed files during the sandboxing process. The crafted file exploits this weakness, enabling it to avoid triggering the sandbox environment’s analysis mechanisms. This essentially renders the sandboxing functionality ineffective for these specially crafted files. The…