Skip to main content

Fortigate

Vendor security scorecard – 5 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 37
5
CVEs
0
Critical
3
High
0
KEV
0
PoC
3
Unpatched C/H
0.0%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
3
MEDIUM
1
LOW
1

Monthly CVE Trend

Affected Products (5)

Fortios 3 LDAP 2 Fortiadc 1 Fortisase 1 Fortiswitchmanager 1

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-22153 Fortios versions up to 7.6.4 contains a vulnerability that allows attackers to an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1). HIGH 8.1 0.0% 41
No patch
CVE-2025-25249 A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets [CVSS 8.1 HIGH] HIGH 8.1 0.0% 41
No patch
CVE-2025-31104 FortiADC versions 6.1 through 7.6.1 contain an OS command injection vulnerability (CWE-78) that allows authenticated attackers with high privileges to execute arbitrary code through crafted HTTP requests. The vulnerability affects multiple product versions across several release branches, with a CVSS score of 7.2 indicating high severity. While the attack requires authentication and high-level privileges, successful exploitation results in complete system compromise with confidentiality, integrity, and availability impact. HIGH 7.2 0.1% 36
No patch
CVE-2025-68686 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. [CVSS 5.9 MEDIUM] MEDIUM 5.9 0.0% 30
No patch
CVE-2026-25815 Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2). LOW 3.2 0.0% 16
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy