Fortinet closes security holes in several products
Fortinet has closed a number of security gaps in several products. One of them is even considered a critical risk.
(Image: alexskopje/Shutterstock.com)
Fortinet has released security updates for several products. They close security gaps, some of which have been classified as critical risks.
The most serious is a vulnerability in FortiWeb. Unauthenticated attackers on the network can exploit an SQL injection flaw, because certain elements of SQL commands are not sufficiently neutralised. This lets attackers inject unauthorised SQL code or commands with specially crafted HTTP or HTTPS requests (CVE-2025-25257, CVSS 9.6, risk “critical”). FortiWeb versions 7.6.4, 7.4.8, 7.2.11 and 7.0.11 and newer patch the vulnerability.
High-risk gap
In FortiVoice, by contrast, attackers who already hold access rights can inject arbitrary code or commands with manipulated HTTP/HTTPS or command-line requests. In two places, certain elements that end up in command-line commands are not sufficiently filtered (CVE-2025-47856, CVSS 7.2, risk “high”). In FortiVoice 7.2.1, 7.0.7 and 6.4.11 and newer versions, the developers have closed these security gaps.
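Because both paragraphs above state the patched versions per release branch, the practical check for an administrator is whether each device's installed version is at or above the fix for its own branch. The following script is an added example, not code from Fortinet or from this article: it compares versions numerically (so that 7.4.10 is correctly treated as newer than 7.4.8, which a string comparison would get wrong) against the fixed versions quoted above, and reports branches the article does not cover as unknown rather than guessing. The inventory lines it runs over are constructed sample data.

```python
# Fixed versions as given in the article for the two headline advisories:
# FortiWeb (CVE-2025-25257) and FortiVoice (CVE-2025-47856).
# Keys are the release branch "major.minor"; values are (major, minor, patch).
FIXED_VERSIONS = {
    "FortiWeb": {
        "7.6": (7, 6, 4),
        "7.4": (7, 4, 8),
        "7.2": (7, 2, 11),
        "7.0": (7, 0, 11),
    },
    "FortiVoice": {
        "7.2": (7, 2, 1),
        "7.0": (7, 0, 7),
        "6.4": (6, 4, 11),
    },
}


def parse_version(text):
    """Turn strings like 'v7.4.7' or '7.4.7 build 1234' into (major, minor, patch)."""
    core = text.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(product, version_text):
    """Return 'patched', 'vulnerable' or 'unknown'.

    'unknown' means the article lists no fixed version for this product or
    branch, so no conclusion can be drawn from the information at hand.
    """
    table = FIXED_VERSIONS.get(product)
    if table is None:
        return "unknown"
    version = parse_version(version_text)
    branch = f"{version[0]}.{version[1]}"
    fixed = table.get(branch)
    if fixed is None:
        return "unknown"
    # Tuple comparison is numeric per component, so (7, 4, 10) >= (7, 4, 8).
    return "patched" if version >= fixed else "vulnerable"


def assess_inventory(lines):
    """Assess 'hostname,product,version' lines; returns {hostname: status}."""
    results = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version_text = (field.strip() for field in line.split(","))
        results[host] = assess(product, version_text)
    return results


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = """
# hostname,product,version
waf-edge-01,FortiWeb,7.4.7
waf-edge-02,FortiWeb,7.4.10
waf-lab,FortiWeb,v7.6.4 build 3365
pbx-main,FortiVoice,6.4.10
pbx-backup,FortiVoice,7.2.1
legacy-waf,FortiWeb,6.3.2
""".strip().splitlines()


if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as "vulnerable" should be scheduled for the update named in the article; "unknown" results deserve a manual look at the vendor advisory for that branch rather than being treated as safe.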
The developers have also plugged security leaks in other Fortinet products. IT managers should check whether they are using these and apply the updates promptly.
Fortinet's security notifications sorted by risk:
- Unauthenticated SQL injection in GUI (FortiWeb), CVE-2025-25257 / no EUVD, CVSS 9.6, risk “critical”
- Command injection vulnerability (FortiVoice), CVE-2025-47856 / no EUVD, CVSS 7.2, risk “high”
- PKI via API: Authentication granted with an invalid certificate (FortiOS, FortiProxy), CVE-2024-52965 / no EUVD, CVSS 6.8, risk “medium”
- Session still active for deleted admin (FortiSandbox, FortiIsolator), CVE-2024-27779 / no EUVD, CVSS 6.3, risk “medium”
- DNS type 65 resource record requests bypass DNS filter (FortiOS, FortiProxy), CVE-2024-55599 / no EUVD, CVSS 4.9, risk “medium”
- Heap-based buffer overflow in cw_stad daemon (FortiOS), CVE-2025-24477 / no EUVD, CVSS 4.0, risk “medium”
- Access control bypass in logging component (FortiIsolator), CVE-2024-32124 / no EUVD, CVSS 4.0, risk “medium”
- SQL injection in forward module (FortiAnalyzer (Cloud), FortiManager (Cloud)), CVE-2025-24474 / no EUVD, CVSS 2.6, risk “low”
Last month, Fortinet had already closed security vulnerabilities in FortiADC and FortiOS, among others. They allowed VPN connections to be redirected, for example. It is advisable to patch the vulnerabilities now addressed by Fortinet quickly, as security gaps in Fortinet products often end up in the standard attack kits of cyber criminals. This was also the case recently with a vulnerability in FortiVoice, which was attacked in the wild.
(dmk)