Overview
A critical SQL Injection vulnerability, identified as CVE-2025-58692, has been discovered in Fortinet FortiVoice. This vulnerability allows an authenticated attacker to execute unauthorized code or commands on affected systems. Organizations using vulnerable versions of FortiVoice are strongly advised to apply the necessary patches immediately.
Technical Details
CVE-2025-58692 is classified as an Improper Neutralization of Special Elements used in an SQL Command (“SQL Injection”) vulnerability [CWE-89]. The vulnerability exists in FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7. An authenticated attacker can exploit this flaw by sending specifically crafted HTTP or HTTPS requests that inject malicious SQL code into…

Overview
CVE-2025-58413 is a high-severity stack-based buffer overflow vulnerability affecting multiple versions of Fortinet FortiOS and FortiSASE. This vulnerability allows a remote attacker to execute unauthorized code or commands on the affected device by sending specially crafted packets. This can lead to complete system compromise.
Technical Details
The vulnerability resides in how FortiOS handles certain network packets. A specially crafted packet can overwrite the stack buffer, leading to arbitrary code execution. The impacted versions are:
FortiOS 7.6.0 through 7.6.3
FortiOS 7.4.0 through 7.4.8
FortiOS 7.2 (all versions)
FortiOS 7.0 (all versions)
FortiOS 6.4 (all versions)
FortiOS 6.2 (all versions)
FortiOS…

Overview
CVE-2025-58034 is a high-severity OS Command Injection vulnerability affecting Fortinet FortiWeb web application firewalls. This vulnerability allows an authenticated attacker to execute arbitrary code on the underlying system by injecting malicious commands through crafted HTTP requests or CLI commands. Successful exploitation can lead to complete system compromise.
Technical Details
The vulnerability stems from improper neutralization of special elements within OS commands [CWE-78]. Specifically, the FortiWeb software fails to adequately sanitize user-supplied input before passing it to the operating system for execution. An attacker with valid authentication credentials can leverage this flaw by injecting malicious shell commands into parameters within…

Overview
A critical security vulnerability, identified as CVE-2025-56527, has been discovered in Kotaemon version 0.11.0. This vulnerability involves the storage of user passwords in plaintext within the client’s localStorage. This means that if an attacker gains access to the client’s browser or localStorage data, they can easily retrieve user passwords, leading to significant security risks. Published on 2025-11-18T17:16:04.760, this issue has been assigned a HIGH severity rating.
Technical Details
The vulnerability stems from the application’s design, where user authentication credentials are not properly encrypted or hashed before being stored in the browser’s localStorage. localStorage is a persistent storage mechanism in…

Overview
CVE-2025-56526 is a cross-site scripting (XSS) vulnerability found in Kotaemon version 0.11.0. This vulnerability allows attackers to execute arbitrary JavaScript code within the context of a user’s browser by injecting malicious code through a specially crafted PDF file. Successful exploitation of this vulnerability could lead to session hijacking, data theft, and other malicious activities.
Technical Details
The vulnerability stems from insufficient sanitization of data extracted from PDF files processed by Kotaemon. Specifically, the application fails to properly sanitize input when rendering PDF content, allowing an attacker to embed malicious JavaScript code within a PDF document. When a user opens…

Overview
CVE-2025-55796 describes a critical vulnerability in the openml/openml.org web application, specifically version v2.0.20241110. This vulnerability stems from the use of predictable MD5-based tokens in essential user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. Due to the predictable nature of these tokens, remote attackers can potentially brute-force them within a limited timeframe, gaining unauthorized access to user accounts.
Technical Details
The core of the vulnerability lies in the token generation process. The application generates tokens by hashing the current timestamp formatted as "%d %H:%M:%S" using the MD5 algorithm. Crucially, this process does not…

Overview
CVE-2025-54972 is a medium-severity vulnerability affecting Fortinet FortiMail email security gateways. This vulnerability involves an improper neutralization of CRLF (Carriage Return Line Feed) sequences, also known as a CRLF injection, which could allow an attacker to inject arbitrary headers into HTTP responses. The vulnerability exists in FortiMail versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.5, 7.2 (all versions), and 7.0 (all versions). An attacker can exploit this vulnerability by crafting a malicious link and convincing a user to click on it. Upon clicking, the crafted URL triggers the injection, potentially leading to various attacks.
Technical Details
The vulnerability stems from…

Overview
CVE-2025-54971 is a medium-severity vulnerability affecting Fortinet FortiADC application delivery controllers. This vulnerability allows an attacker with read-only administrative privileges to potentially access sensitive information, specifically external resource passwords, by analyzing the system logs. This exposure could lead to unauthorized access to external resources configured within the FortiADC.
Technical Details
The vulnerability resides in how FortiADC handles the logging of certain events related to external resources. Specifically, under certain configurations, the password for external resources is inadvertently included in the system logs. A read-only administrator, while unable to directly modify configurations, can access these logs and potentially extract…

Overview
CVE-2025-54821 is a reported Improper Privilege Management vulnerability affecting multiple Fortinet products, including FortiOS, FortiPAM, and FortiProxy. This vulnerability allows an authenticated administrator to potentially bypass the trusted host policy through the use of a crafted Command Line Interface (CLI) command.
Technical Details
The vulnerability, classified as CWE-269 (Improper Privilege Management), stems from insufficient validation and sanitization of user-supplied input when processing CLI commands. An attacker, already authenticated as an administrator, can exploit this weakness by crafting a specific CLI command that circumvents the intended security restrictions enforced by the trusted host policy. This policy is designed to restrict…

Published: 2025-11-18
Overview
A concerning vulnerability, identified as CVE-2025-54660, has been discovered in Fortinet’s FortiClientWindows application. This medium-severity flaw could allow a local attacker to potentially retrieve saved VPN user passwords. The vulnerability stems from active debug code left in the application, allowing for step-by-step execution and data extraction.
Technical Details
CVE-2025-54660 resides in the debug code present in specific versions of FortiClientWindows. The affected versions include:
FortiClientWindows 7.4.0 through 7.4.3
FortiClientWindows 7.2.0 through 7.2.10
FortiClientWindows 7.0 (all versions)
The active debug code allows a local attacker to run the application in a debugging environment. By stepping through the code…