Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution
ID: 731b4e5f-75be-53c7-a423-8f7f609abc2d
STIX ID: report--731b4e5f-75be-53c7-a423-8f7f609abc2d
Feed Name: CISecurity.org Advisories
Multiple vulnerabilities were discovered in Fortinet products, including a heap-based buffer overflow in FortiOS/FortiSwitchManager (CVE-2025-25249) and an OS command injection in FortiSIEM (CVE-2025-64155) that could enable remote unauthenticated code execution; additional issues affecting FortiVoice, FortiClientEMS, FortiSandbox, and FortiFone may allow path traversal, SQL injection, SSRF, or information disclosure. Successful exploitation could permit execution of arbitrary code in the context of the affected service account, potentially enabling program installation, data access/modification, or creation of new accounts depending on service account privileges.
