Skip to main content

Fortinet

Vendor security scorecard – 639 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 2625
639
CVEs
65
Critical
202
High
15
KEV
49
PoC
244
Unpatched C/H
6.7%
Patch Rate
3.4%
Avg EPSS

Severity Breakdown

CRITICAL
65
HIGH
202
MEDIUM
335
LOW
37

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-64446 Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests. CRITICAL 9.8 88.2% 222
KEV PoC No patch
CVE-2024-55591 FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote attackers to gain super-admin privileges through crafted requests. CRITICAL 9.8 94.2% 213
KEV PoC No patch
CVE-2025-58034 Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized commands on the web application firewall. HIGH 7.2 50.7% 172
KEV PoC No patch
CVE-2016-1909 Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%. CRITICAL 9.8 78.6% 148
PoC No patch
CVE-2016-6909 Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.4%. CRITICAL 9.8 63.4% 132
PoC No patch
CVE-2026-21643 A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized SQL commands. CRITICAL 9.8 0.0% 124
KEV PoC No patch
CVE-2026-35616 Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted network requests. The vulnerability stems from improper access control (CWE-284) and requires no user interaction or privileges (CVSS PR:N). With a CVSS score of 9.1 (Critical) and low attack complexity, this represents a severe exposure for organizations using affected FortiClientEMS versions. The CVSS temporal metrics indicate functional exploit code exists (E:F) with an official fix available (RL:O), making this a high-priority patching target despite no confirmed active exploitation (not present in CISA KEV). CRITICAL 9.8 0.0% 124
KEV PoC No patch
CVE-2025-25256 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 44.9% and no vendor patch available. CRITICAL 9.8 44.9% 114
PoC No patch
CVE-2026-24858 Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8) that allows unauthenticated remote attackers to gain administrative access through an alternate authentication path. With EPSS 2.8% but KEV listing confirming active exploitation, this vulnerability threatens the security management infrastructure that organizations rely on to protect their networks. CRITICAL 9.8 2.8% 112
KEV No patch
CVE-2025-59718 Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to defeat FortiCloud SSO login by submitting a crafted SAML response, due to improper verification of the response's cryptographic signature. The flaw is confirmed actively exploited (CISA KEV), with Arctic Wolf observing malicious SSO logins in the wild, and EPSS rates it at the 93rd percentile of likelihood. Combined with a 9.8 CVSS score and CWE-347 root cause, this is a top-priority patching target for any organization running affected Fortinet management planes. CRITICAL 9.8 9.5% 108
KEV No patch
CVE-2012-1461 The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.9% and no vendor patch available. MEDIUM 4.3 83.9% 105
No patch
CVE-2012-1459 The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available. MEDIUM 4.3 79.5% 101
No patch
CVE-2015-1880 Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.4%. MEDIUM 4.3 59.4% 101
PoC No patch
CVE-2025-24472 FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices. HIGH 8.1 10.1% 101
KEV No patch
CVE-2012-1453 The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 78.5% and no vendor patch available. MEDIUM 4.3 78.5% 100
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy