Fortinet discloses second firewall auth bypass patched in January
Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices.
Multiple flaws in Fortinet FortiOS fixed
Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue.
GreyNoise Labs - Decrypting FortiOS 7.0.x
This article steps through decrypting FortiGate FortiOS 7.0.x firmware.
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.
PSIRT Advisories
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
A suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.
PSIRT Advisories
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.