{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox PaaS 21.x, 22.x, et 23.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox PaaS versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-U versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 5.x et 6.x ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud 24 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.9",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.x ant\u00e9rieures \u00e0 5.0.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTokenAndroid versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.5.x ant\u00e9rieures \u00e0 6.5.7",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud 23 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox Cloud versions 5.x ant\u00e9rieures \u00e0 5.0.6",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.6.x ant\u00e9rieures \u00e0 6.6.9",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.x ant\u00e9rieures \u00e0 7.4.10",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox PaaS versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 8.0.x ant\u00e9rieures \u00e0 8.0.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-44279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44279"
    },
    {
      "name": "CVE-2026-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25690"
    },
    {
      "name": "CVE-2026-44277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44277"
    },
    {
      "name": "CVE-2025-53844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53844"
    },
    {
      "name": "CVE-2025-53681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53681"
    },
    {
      "name": "CVE-2026-26083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26083"
    },
    {
      "name": "CVE-2025-67604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67604"
    },
    {
      "name": "CVE-2026-44278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44278"
    },
    {
      "name": "CVE-2025-53680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53680"
    },
    {
      "name": "CVE-2025-53870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53870"
    },
    {
      "name": "CVE-2026-25088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25088"
    }
  ],
  "initial_release_date": "2026-05-13T00:00:00",
  "last_revision_date": "2026-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-137",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-137"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-133",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-133"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-138",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-138"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-130"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-134",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-134"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-136",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-136"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-123",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-129",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-129"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-128",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-128"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-132",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-132"
    },
    {
      "published_at": "2026-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-26-131",
      "url": "https://www.fortiguard.com/psirt/FG-IR-26-131"
    }
  ]
}

{
  "affected": [
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.8",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.11",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.17",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.17",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "psirt@fortinet.com"
    },
    {
      "affectedData": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM APE1808",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FAAA2E-7A53-4F6B-A9C7-1E2B4CB5F7EB",
              "versionEndExcluding": "7.2.12",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2093EFE3-4B7F-4806-9850-C42B26BC64AC",
              "versionEndExcluding": "7.4.9",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C30E0D-7F09-42D2-9EB1-E2196BD50D75",
              "versionEndExcluding": "7.6.4",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets."
    }
  ],
  "id": "CVE-2025-53844",
  "lastModified": "2026-06-17T09:39:01.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-53844",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-05-12T00:00:00+00:00",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-05-12T18:16:35.983",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123"
    },
    {
      "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "psirt@fortinet.com",
      "type": "Secondary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2025-53844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T18:16:35Z",
    "severity": "HIGH"
  },
  "details": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.",
  "id": "GHSA-67q8-5ppc-5hgr",
  "modified": "2026-06-09T12:32:01Z",
  "published": "2026-05-12T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53844"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-123"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products.\n\nSiemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet\u0027s upstream security notifications.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-864900.html"
      },
      {
        "category": "self",
        "summary": "SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-864900.json"
      }
    ],
    "title": "SSA-864900: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices",
    "tracking": {
      "current_release_date": "2026-06-09T00:00:00.000Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-864900",
      "initial_release_date": "2025-05-13T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-05-13T00:00:00.000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-07-08T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added CVE-2025-24471, CVE-2025-22862, CVE-2024-50562 and CVE-2025-25250"
        },
        {
          "date": "2025-08-12T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2024-55599"
        },
        {
          "date": "2025-09-09T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added CVE-2025-25248 and CVE-2025-53744"
        },
        {
          "date": "2025-11-11T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added CVE-2025-57740, CVE-2025-31514, CVE-2025-58903, CVE-2025-31366, CVE-2025-47890 and CVE-2025-25253"
        },
        {
          "date": "2026-01-13T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added CVE-2025-54821, CVE-2025-58413, CVE-2025-53843, CVE-2025-59718 and CVE-2025-59719"
        },
        {
          "date": "2026-01-22T00:00:00.000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Updated remediation for CVE-2024-52963 , CVE-2024-32122, CVE-2024-32122, CVE-2024-50562, CVE-2025-22862, CVE-2025-24471, CVE-2025-25250 , CVE-2024-55599, CVE-2025-25248, CVE-2025-53744, CVE-2025-57740, CVE-2025-58903, CVE-2025-31366, CVE-2025-47890, CVE-2025-25253, CVE-2025-58413, CVE-2025-53843, CVE-2025-59718 and CVE-2025-59719"
        },
        {
          "date": "2026-02-10T00:00:00.000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added CVE-2025-25249"
        },
        {
          "date": "2026-06-09T00:00:00.000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added CVE-2025-53844. Updated remediation for CVE-2025-31514 and CVE-2025-54821"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "RUGGEDCOM APE1808",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM APE1808"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-32122",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An insufficiently protected credentials vulnerability in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-32122"
    },
    {
      "cve": "CVE-2024-50562",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RC:R",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-50562"
    },
    {
      "cve": "CVE-2024-52963",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Under the config vpn ipsec phase1-interface configuration, either set authmethod to psk, or set digital-signature-auth to disable (see https://fortiguard.fortinet.com/psirt/FG-IR-24-373)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-52963"
    },
    {
      "cve": "CVE-2024-55599",
      "cwe": {
        "id": "CWE-358",
        "name": "Improperly Implemented Security Check for Standard"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-55599"
    },
    {
      "cve": "CVE-2025-22862",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-22862"
    },
    {
      "cve": "CVE-2025-24471",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An\u00a0Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-24471"
    },
    {
      "cve": "CVE-2025-25248",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An\u00a0Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RC:R",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-25248"
    },
    {
      "cve": "CVE-2025-25249",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packets",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "For each interface, remove \"fabric\" access (see https://fortiguard.fortinet.com/psirt/FG-IR-25-084)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-25249"
    },
    {
      "cve": "CVE-2025-25250",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RC:R",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-25250"
    },
    {
      "cve": "CVE-2025-25253",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-25253"
    },
    {
      "cve": "CVE-2025-31366",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-31366"
    },
    {
      "cve": "CVE-2025-31514",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.6.6 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2025-31514"
    },
    {
      "cve": "CVE-2025-47890",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions; FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-47890"
    },
    {
      "cve": "CVE-2025-53744",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-53744"
    },
    {
      "cve": "CVE-2025-53843",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable security fabric access into interface. Only allow legit devices in Wifi Controller \u0026gt; Managed FortiAPs (see https://fortiguard.fortinet.com/psirt/FG-IR-25-358 for more information)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-53843"
    },
    {
      "cve": "CVE-2025-53844",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.6.6 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2025-53844"
    },
    {
      "cve": "CVE-2025-54821",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.6.6 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "2"
          ]
        }
      ],
      "title": "CVE-2025-54821"
    },
    {
      "cve": "CVE-2025-57740",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-57740"
    },
    {
      "cve": "CVE-2025-58413",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable security fabric access into interface. Only allow legit devices in Wifi Controller \u0026gt; Managed FortiAPs. Remove inter-controller-peer elements in config wireless-controller inter-controller configuration. (see https://fortiguard.fortinet.com/psirt/FG-IR-25-632 for more information)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-58413"
    },
    {
      "cve": "CVE-2025-58903",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a  Null Pointer Dereference, crashing the http daemon via a specialy crafted request.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-58903"
    },
    {
      "cve": "CVE-2025-59718",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "To prevent being affected by this vulnerability on vulnerable versions, please turn off the FortiCloud login feature (if enabled, disabled by default) temporarily until upgrading to a non-affected version. (see https://fortiguard.fortinet.com/psirt/FG-IR-25-647 for more information)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-59718"
    },
    {
      "cve": "CVE-2025-59719",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "To prevent being affected by this vulnerability on vulnerable versions, please turn off the FortiCloud login feature (if enabled, disabled by default) temporarily until upgrading to a non-affected version. (see https://fortiguard.fortinet.com/psirt/FG-IR-25-647 for more information)",
          "product_ids": [
            "1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update Fortigate NGFW to V7.4.9 or later following the secure update recommendation procedure. Contact customer support to receive detailed information",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2025-59719"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiOS ist ein geh\u00e4rtetes Betriebssystem f\u00fcr FortiGate Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Fortinet FortiOS ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1492 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1492.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1492 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1492"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs PSIRT Advisory FG-IR-26-123 vom 2026-05-12",
        "url": "https://www.fortiguard.com/psirt/FG-IR-26-123"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiOS: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2026-05-12T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-13T08:46:54.342+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1492",
      "initial_release_date": "2026-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.2.12",
                "product": {
                  "name": "Fortinet FortiOS \u003c7.2.12",
                  "product_id": "1813488"
                }
              },
              {
                "category": "product_version",
                "name": "7.2.12",
                "product": {
                  "name": "Fortinet FortiOS 7.2.12",
                  "product_id": "1813488-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.2.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.4.9",
                "product": {
                  "name": "Fortinet FortiOS \u003c7.4.9",
                  "product_id": "271C0661-D58E-4867-A88B-806E9E5A58C2"
                }
              },
              {
                "category": "product_version",
                "name": "7.4.9",
                "product": {
                  "name": "Fortinet FortiOS 7.4.9",
                  "product_id": "271C0661-D58E-4867-A88B-806E9E5A58C2-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.4.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.6.4",
                "product": {
                  "name": "Fortinet FortiOS \u003c7.6.4",
                  "product_id": "4A62EE9F-5F58-433A-AC07-1EC53B913EBB"
                }
              },
              {
                "category": "product_version",
                "name": "7.6.4",
                "product": {
                  "name": "Fortinet FortiOS 7.6.4",
                  "product_id": "4A62EE9F-5F58-433A-AC07-1EC53B913EBB-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.6.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-53844",
      "product_status": {
        "known_affected": [
          "1813488",
          "271C0661-D58E-4867-A88B-806E9E5A58C2",
          "4A62EE9F-5F58-433A-AC07-1EC53B913EBB"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2025-53844"
    }
  ]
}